Every CVE whose affected-product data names Pbootcms, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (36)
CVE-2021-37497 — CVSS 9.8 (critical): SQL injection vulnerability in route of PbootCMS 3.0.5 allows remote attackers to run arbitrary SQL commands via crafted GET request.
CVE-2018-10133 — CVSS 9.8 (critical): PbootCMS v0.9.8 allows PHP code injection via an IF label in index.php/About/6.html or admin.php/Site/index.html, related to the…
CVE-2018-11369 — CVSS 9.8 (critical): An issue was discovered in PbootCMS v1.0.9. There is a SQL Injection that can get important information from the database via the…
CVE-2018-18450 — CVSS 9.8 (critical): apps\admin\controller\content\SingleController.php in PbootCMS before V1.3.0 build 2018-11-12 has SQL Injection, as demonstrated by the…
CVE-2022-32417 — CVSS 9.8 (critical): PbootCMS v3.1.2 was discovered to contain a remote code execution (RCE) vulnerability via the function parserIfLabel at function.php.
CVE-2018-19595 — CVSS 9.8 (critical): PbootCMS V1.3.1 build 2018-11-14 allows remote attackers to execute arbitrary code via use of "eval" with mixed case, as demonstrated by an…
CVE-2018-19893 — CVSS 9.8 (critical): SearchController.php in PbootCMS 1.2.1 has SQL injection via the index.php/Search/index.html query string.
CVE-2025-46109 — CVSS 8.8 (high): SQL Injection vulnerability in pbootCMS v.3.2.5 and v.3.2.10 allows a remote attacker to obtain sensitive information via a crafted GET…
CVE-2018-11018 — CVSS 8.8 (high): An issue was discovered in PbootCMS v1.0.7. Cross-site request forgery (CSRF) vulnerability in apps/admin/controller/system/RoleController.p…
CVE-2020-20971 — CVSS 8.8 (high): Cross Site Request Forgery (CSRF) vulnerability in PbootCMS v2.0.3 via /admin.php?p=/User/index.
CVE-2018-10132 — CVSS 8.8 (high): PbootCMS v0.9.8 has CSRF via an admin.php/Message/mod/id/19.html?backurl=/index.php request, resulting in PHP code injection in the…
CVE-2018-18211 — CVSS 8.1 (high): PbootCMS 1.2.1 has SQL injection via the HTTP POST data to the api.php/cms/addform?fcode=1 URI.
CVE-2023-50082 — CVSS 7.5 (high): Aoyun Technology pbootcms V3.1.2 is vulnerable to Incorrect Access Control, allows remote attackers to gain sensitive information via…
CVE-2021-28245 — CVSS 7.5 (high): PbootCMS 3.0.4 contains a SQL injection vulnerability through index.php via the search parameter that can reveal sensitive information…
CVE-2019-8422 — CVSS 7.2 (high): A SQL Injection vulnerability exists in PbootCMS v1.3.2 via the description parameter in apps\admin\controller\content\ContentController.php…
CVE-2018-19053 — CVSS 7.2 (high): PbootCMS 1.2.2 allows remote attackers to execute arbitrary PHP code by specifying a .php filename in a "SET GLOBAL general_log_file"…
CVE-2020-17901 — CVSS 6.5 (medium): Cross-site request forgery (CSRF) in PbootCMS 1.3.2 allows attackers to change the password of a user.
CVE-2020-22535 — CVSS 6.5 (medium): Incorrect Access Control vulnerability in PbootCMS 2.0.6 via the list parameter in the update function in upgradecontroller.php.
CVE-2019-7570 — CVSS 6.5 (medium): A CSRF vulnerability was found in PbootCMS v1.3.6 that can delete users via an admin.php/User/del/ucode/ URI.
CVE-2024-12789 — CVSS 6.3 (medium): A vulnerability was found in PbootCMS up to 3.2.3. It has been classified as critical. This affects an unknown part of the file…
CVE-2025-15154 — CVSS 5.3 (medium): A security vulnerability has been detected in PbootCMS up to 3.2.12. The affected element is the function get_user_ip of the file…
CVE-2020-19248 — CVSS 5.1 (medium): SQL Injection vulnerability in PbootCMS 1.4.1 in parsing if statements in templates, resulting in a malicious user's ability to contaminate…
CVE-2019-17417 — CVSS 4.8 (medium): PbootCMS 2.0.2 allows XSS via vectors involving the Pboot/admin.php?p=/Single/index/mcode/1 and Pboot/?contact/ URIs.
CVE-2020-18456 — CVSS 4.8 (medium): Cross Site Scripting (XSS) vulnerability exists in PbootCMS v1.3.7 via the title parameter in the mod function in SingleController.php.
CVE-2024-12793 — CVSS 4.3 (medium): A vulnerability, which was classified as problematic, has been found in PbootCMS up to 5.2.3. Affected by this issue is some unknown…
CVE-2025-15153 — CVSS 3.7 (low): A weakness has been identified in PbootCMS up to 3.2.12. Impacted is an unknown function of the file /data/pbootcms.db of the component…
CVE-2025-3787 — CVSS 2.7 (low): A vulnerability was found in PbootCMS 3.2.5. It has been classified as problematic. Affected is an unknown function of the component Image…
CVE-2024-1018 — CVSS 2.4 (low): A vulnerability classified as problematic has been found in PbootCMS 3.2.5-20230421. Affected is an unknown function of the file…