PT-2018-9700 · Pbootcms · Pbootcms
Published: 2018-04-16 · Updated: 2018-05-22
CVE-2018-10132
CVSS v3.1: 8.8 (High)
Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions:
PbootCMS version 0.9.8
Description:
The issue allows for CSRF via an "admin.php/Message/mod/id/19.html?backurl=/index.php" request. This results in PHP code injection in the recontent parameter.
Recommendations:
For PbootCMS version 0.9.8, as a temporary workaround, consider restricting access to the "admin.php/Message/mod/id/19.html" endpoint to minimize the risk of exploitation. Avoid using the recontent parameter in the affected endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Exploit
CSRF
Weakness Enumeration
Related Identifiers
Affected Products
Pbootcms