CVE-2025-15154

Medium CVSS: 5.5

A security vulnerability has been detected in PbootCMS up to 3.2.12. The affected element is the function get_user_ip of the file core/function/handle.php of the component Header Handler. The manipulation of the argument X-Forwarded-For leads to use of less trusted source. The attack can be initiated remotely. The exploit has been disclosed publicly and may be used.

Vendor

Pbootcms

Product

Pbootcms

CWE

CWE-348

Yayın Tarihi

2025-12-28 21:15:54

Güncelleme

2025-12-30 19:02:50

Source Identifier

cna@vuldb.com

KEV Date Added

Kategoriler

CWE-348 Pbootcms MEDIUM Pbootcms 2025

Referanslar

https://note-hxlab.wetolink.com/share/JyBNgF8JagWQ https://vuldb.com/?ctiid.338532 https://vuldb.com/?id.338532 https://vuldb.com/?submit.719818

Benzer Kayıtlar

Medium

CVE-2025-15153

A weakness has been identified in PbootCMS up to 3.2.12. Impacted is an unknown function of the file /data/pbootcms.db o…

High

CVE-2025-46109

SQL Injection vulnerability in pbootCMS v.3.2.5 and v.3.2.10 allows a remote attacker to obtain sensitive information vi…

Medium

CVE-2025-3787

A vulnerability was found in PbootCMS 3.2.5. It has been classified as problematic. Affected is an unknown function of t…

Medium

CVE-2025-29389

PbootCMS v3.2.9 contains a XSS vulnerability in admin.php?p=/Content/index/mcode/2#tab=t2.

Medium

CVE-2020-19248

SQL Injection vulnerability in PbootCMS 1.4.1 in parsing if statements in templates, resulting in a malicious user's abi…