PT-2026-26881 · Pbootcms · Pbootcms

Zmjjkk

·

Publicado

2026-03-21

·

Atualizado

2026-03-21

·

CVE-2026-4509

CVSS v2.0

6.5

Média

VetorAV:N/AC:L/Au:S/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions PbootCMS versions prior to 3.2.13
Description A security flaw exists in PbootCMS up to version 3.2.12 related to incomplete blacklist handling within the File Upload component. The issue resides in the file core/function/file.php and involves manipulation of the black argument. This allows for remote attacks. The exploit has been publicly released.
Recommendations Update PbootCMS to version 3.2.13 or later.

Exploit

Correção

Incomplete List of Disallowed Inputs

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-183CWE-184

Identificadores relacionados

CVE-2026-4509

Produtos afetados

Pbootcms