Is PHP affected by CVE-2026-4510?

Organizations using PbootCMS should be aware of moderate risk from CVE-2026-4510, a cross-site scripting vulnerability rated CVSS 4.3. Attackers could inject scripts to steal sessions or perform actions as authenticated users. Proof-of-concept code is publicly available.

CVE-2026-4510

EUVD-2026-14242 MEDIUM

2026-03-21 VulDB

GHSA-89w6-5gpp-wfvp

4.3

CVSS 3.1

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

Required

Scope

Unchanged

Confidentiality

None

Integrity

Low

Availability

None

Lifecycle Timeline

PoC Detected

Mar 23, 2026 - 14:31 vuln.today

Public exploit code

Analysis Generated

Mar 21, 2026 - 07:15 vuln.today

EUVD ID Assigned

Mar 21, 2026 - 07:15 euvd

EUVD-2026-14242

CVE Published

Mar 21, 2026 - 07:02 nvd

MEDIUM 4.3

Description

A weakness has been identified in PbootCMS up to 3.2.12. This impacts the function alert_location of the file apps/home/controller/MemberController.php of the component Parameter Handler. This manipulation of the argument backurl causes cross site scripting. Remote exploitation of the attack is possible. The exploit has been made available to the public and could be used for attacks.

Analysis

A reflected cross-site scripting (XSS) vulnerability exists in PbootCMS versions up to 3.2.12 in the alert_location function of the MemberController.php file, where the backurl parameter is not properly sanitized before output. An attacker can craft a malicious URL containing JavaScript code that will execute in a victim's browser when they click the link, potentially leading to session hijacking, credential theft, or malware distribution. …

Remediation

Within 30 days: Identify affected systems running PbootCMS and apply vendor patches as part of regular patch cycle. Verify Content-Security-Policy and output encoding.

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

Priority Score

Low Medium High Critical

KEV: 0

EPSS: +0.0

CVSS: +22

POC: +20

CVE-2026-4510 vulnerability details – vuln.today

Back

CVE-2026-4510

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Remediation

Analysis

Full analysis requires sign-in

Priority Score

Share

CVE-2026-4510

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Remediation

Full analysis requires sign-in

Priority Score

Share

External POC / Exploit Code