Description
PbootCMS v.3.2.11 contains a code injection vulnerability in its site configuration functionality
Published: 2026-05-26
Score: n/a
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

PbootCMS version 3.2.11 contains a code injection flaw in its site configuration feature, allowing an attacker to provide input that is executed by the server. This vulnerability can enable unauthorized code execution, data disclosure, or service disruption. The weakness is caused by improper handling of user-supplied configuration values and is classified under CWE-94.

Affected Systems

The vulnerability affects the PbootCMS content management system, specifically the 3.2.11 release. No other product versions or vendors are listed as affected.

Risk and Exploitability

The CVSS score is not supplied by the CNA; the EPSS score is unavailable, indicating no known exploitation probability. The vulnerability is not listed in the CISA KEV catalog. Based on the description, the likely attack vector is through malicious input submitted via the site configuration interface, which may require authenticated access to the administrative panel. Attackers would aim to inject code that is then executed by the server, potentially leading to unauthorized code execution, data disclosure, or service disruption.

Generated by OpenCVE AI on May 26, 2026 at 22:29 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade to the latest PbootCMS release that fixes the code injection flaw
  • Restrict or disable direct access to the site configuration interface and enforce strict access controls
  • Implement input validation and sanitization for all configuration parameters to prevent arbitrary code execution

Generated by OpenCVE AI on May 26, 2026 at 22:29 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Tue, 26 May 2026 22:45:00 +0000

Type Values Removed Values Added
Title PbootCMS 3.2.11 Code Injection via Site Configuration
Weaknesses CWE-94

Tue, 26 May 2026 22:15:00 +0000

Type Values Removed Values Added
First Time appeared Pbootcms
Pbootcms pbootcms
Vendors & Products Pbootcms
Pbootcms pbootcms

Tue, 26 May 2026 20:30:00 +0000

Type Values Removed Values Added
Description PbootCMS v.3.2.11 contains a code injection vulnerability in its site configuration functionality
References

Subscriptions

Pbootcms Pbootcms
cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2026-05-26T20:14:25.790Z

Reserved: 2026-04-06T00:00:00.000Z

Link: CVE-2026-36239

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Received

Published: 2026-05-26T21:16:36.480

Modified: 2026-05-26T21:16:36.480

Link: CVE-2026-36239

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-26T22:30:18Z

Weaknesses