Search Results | AttackerKB

PbootCMS 3.0.4 contains a SQL injection vulnerability through index.php via the search parameter that can reveal sensitive information through adding an admin account.

Attack Vector: Network Privileges: None User Interaction: None

Attacker Value

Unknown

CVE-2020-17901

Disclosure Date: November 30, 2020 (last updated February 22, 2025)

Cross-site request forgery (CSRF) in PbootCMS 1.3.2 allows attackers to change the password of a user.

Attack Vector: Network Privileges: None User Interaction: Required

Attacker Value

Unknown

CVE-2018-16356

Disclosure Date: March 02, 2020 (last updated February 21, 2025)

An issue was discovered in PbootCMS. There is a SQL injection via the api.php/List/index order parameter.

Attack Vector: Network Privileges: None User Interaction: None

Attacker Value

Unknown

CVE-2018-16357

Disclosure Date: March 02, 2020 (last updated February 21, 2025)

An issue was discovered in PbootCMS. There is a SQL injection via the api.php/Cms/search order parameter.

Attack Vector: Network Privileges: None User Interaction: None

Attacker Value

Unknown

CVE-2019-17417

Disclosure Date: October 10, 2019 (last updated November 27, 2024)

PbootCMS 2.0.2 allows XSS via vectors involving the Pboot/admin.php?p=/Single/index/mcode/1 and Pboot/?contact/ URIs.

Attack Vector: Network Privileges: High User Interaction: Required

Attacker Value

Unknown

CVE-2019-8422

Disclosure Date: February 17, 2019 (last updated November 27, 2024)

A SQL Injection vulnerability exists in PbootCMS v1.3.2 via the description parameter in apps\admin\controller\content\ContentController.php.

Attacker Value

Unknown

CVE-2019-7570

Disclosure Date: February 07, 2019 (last updated November 27, 2024)

A CSRF vulnerability was found in PbootCMS v1.3.6 that can delete users via an admin.php/User/del/ucode/ URI.

29 Total Results

Displaying 11-20 of 29

Unknown

Unknown

Unknown

Unknown

Unknown

Unknown

Unknown

Unknown

Unknown

Unknown

Quick Cookie Notification