CVE-2018-19053

Name of the Vulnerable Software and Affected Versions PbootCMS version 1.2.2

Description The issue allows remote attackers to execute arbitrary PHP code. This can be achieved by specifying a .php filename in a "SET GLOBAL general log file" statement, followed by a SELECT statement containing the PHP code.

Recommendations For PbootCMS version 1.2.2, consider restricting access to the SQL interface to prevent the execution of malicious SQL statements until a patch is available. As a temporary workaround, avoid using the general log file variable in SQL statements to minimize the risk of exploitation.