Description
PbootCMS v.3.2.11 contains a code injection vulnerability in its site configuration functionality
Published: 2026-05-26
Score: 4.3 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A flaw in the site configuration feature of PbootCMS version 3.2.11 allows an attacker to supply values that are processed and executed by the underlying server. The weakness is a code injection vulnerability (CWE-79). The CVSS score of 4.3 is rated Medium, but the potential for unauthorized code execution remains a concern.

Affected Systems

The vulnerability applies to the PbootCMS content management system, version 3.2.11. No other products, vendors or version ranges are listed as affected.

Risk and Exploitability

The CVSS score of 4.3 (Medium) and an EPSS value below 1% suggest a small chance of exploitation; the issue is not listed in the CISA KEV catalog. The attack likely proceeds through the administrative site-configuration interface, which typically requires authenticated access. If the attacker obtains or exploits such access, arbitrary code could run on the server, potentially leading to further compromise.

Generated by OpenCVE AI on May 28, 2026 at 00:21 UTC.

Remediation

No vendor fix or workaround is currently provided.

OpenCVE Recommended Actions

  • Validate and sanitize all configuration parameters to block unsafe code execution
  • Enforce strict role‑based access control and authentication on the site‑configuration interface, limiting it to trusted administrators only
  • Monitor configuration activity for anomalies and apply vendor‑issued patches or updates promptly when a fix is available

Advisories

No advisories yet.

History

Thu, 28 May 2026 00:45:00 +0000

Type Values Removed Values Added
Title Code Injection Vulnerability in PbootCMS Site Configuration

Wed, 27 May 2026 23:15:00 +0000

Type Values Removed Values Added
Title PbootCMS 3.2.11 Code Injection via Site Configuration
Weaknesses CWE-94

Wed, 27 May 2026 18:30:00 +0000

Type Values Removed Values Added
Weaknesses CWE-79
Metrics cvssV3_1

{'score': 4.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Tue, 26 May 2026 22:45:00 +0000

Type Values Removed Values Added
Title PbootCMS 3.2.11 Code Injection via Site Configuration
Weaknesses CWE-94

Tue, 26 May 2026 22:15:00 +0000

Type Values Removed Values Added
First Time appeared Pbootcms
Pbootcms pbootcms
Vendors & Products Pbootcms
Pbootcms pbootcms

Tue, 26 May 2026 20:30:00 +0000

Type Values Removed Values Added
Description PbootCMS v.3.2.11 contains a code injection vulnerability in its site configuration functionality
References

MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2026-05-27T17:29:31.620Z

Reserved: 2026-04-06T00:00:00.000Z

Link: CVE-2026-36239

Vulnrichment

Updated: 2026-05-27T17:29:17.143Z

NVD

Status: Deferred

Published: 2026-05-26T21:16:36.480

Modified: 2026-06-17T10:41:05.550

Link: CVE-2026-36239

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-28T00:30:02Z

Weaknesses
  • CWE-79

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')