Pbootcms
Monthly
SQL Injection vulnerability in pbootCMS versions 3.2.5 and 3.2.10 that allows unauthenticated remote attackers to execute arbitrary SQL queries via crafted GET requests, potentially leading to unauthorized data disclosure, modification, or system compromise. With a CVSS score of 8.8 and network-accessible attack vector requiring only user interaction, this represents a critical threat to publicly exposed pbootCMS installations. The vulnerability's high impact on confidentiality, integrity, and availability suggests potential for large-scale exploitation if proof-of-concept code becomes available.
A vulnerability was found in PbootCMS 3.2.5. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
PbootCMS v3.2.9 contains a XSS vulnerability in admin.php?p=/Content/index/mcode/2#tab=t2. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
SQL Injection vulnerability in pbootCMS versions 3.2.5 and 3.2.10 that allows unauthenticated remote attackers to execute arbitrary SQL queries via crafted GET requests, potentially leading to unauthorized data disclosure, modification, or system compromise. With a CVSS score of 8.8 and network-accessible attack vector requiring only user interaction, this represents a critical threat to publicly exposed pbootCMS installations. The vulnerability's high impact on confidentiality, integrity, and availability suggests potential for large-scale exploitation if proof-of-concept code becomes available.
A vulnerability was found in PbootCMS 3.2.5. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
PbootCMS v3.2.9 contains a XSS vulnerability in admin.php?p=/Content/index/mcode/2#tab=t2. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.