Primary

Context

PbootCMS SQL Injection Vulnerability in Template Parsing

Vulnerability

Patched

A SQL injection vulnerability has been identified in PbootCMS version 1.4.1. This issue arises from the improper parsing of 'if' statements in templates, allowing malicious users to inject harmful content into templates. The vulnerability is triggered when the application uses 'eval' statements to process these templates, potentially leading to code execution.

Impact

Exploitation of this vulnerability allows for SQL injection, with the possibility of executing arbitrary code through the injected payloads.

Reproduction

To reproduce this vulnerability, upload a template that includes a 'pboot:if' statement. The injected content can be crafted to include SQL injection payloads. Once the template is processed, the 'eval' function will execute the injected SQL code, exploiting the vulnerability.

Remediation

Users are advised to update to PbootCMS version 4.2, which addresses this vulnerability.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

1.0

impact

10.0

exploitability

9.7

remediation

7.7

relevance

0.0

threat

6.4

urgency

2.9

incentive

10.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

1.0

impact

10.0

exploitability

9.7

remediation

7.7

relevance

0.0

threat

6.4

urgency

2.9

incentive

10.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

PbootCMS SQL Injection Vulnerability in Template Parsing

Vulnerability

Impact

Reproduction

Remediation

Affected Products

PbootCMS

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating