SQL Injection vulnerability in PbootCMS 1.4.1 in parsing... · CVE-2020-19248 · GitHub Advisory Database · GitHub

SQL Injection vulnerability in PbootCMS 1.4.1 in parsing...

Moderate severity Unreviewed Published Feb 21, 2025 to the GitHub Advisory Database • Updated Feb 21, 2025

Package

No package listed— Suggest a package

Affected versions

Unknown

Patched versions

Unknown

Description

SQL Injection vulnerability in PbootCMS 1.4.1 in parsing if statements in templates, resulting in a malicious user's ability to contaminate template content by searching for page contamination URLs, thus triggering vulnerabilities when the program uses eval statements to parse templates.

References

Published by the National Vulnerability Database

Feb 21, 2025

Published to the GitHub Advisory Database Feb 21, 2025

Last updated Feb 21, 2025

Severity

Moderate

/ 10

CVSS v3 base metrics

Attack vector

Local

Attack complexity

Low

Privileges required

None

User interaction

None

Scope

Unchanged

Confidentiality

Low

Integrity

Low

Availability

None

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N