Zmjjkk

**Name of the Vulnerable Software and Affected Versions** PbootCMS versions prior to 3.2.13 **Description** A security flaw exists in PbootCMS up to version 3.2.12 related to incomplete blacklist handling within the File Upload component. The issue resides in the file `core/function/file.php` and involves manipulation of the `black` argument. This allows for remote attacks. The exploit has been publicly released. **Recommendations** Update PbootCMS to version 3.2.13 or later.

**Name of the Vulnerable Software and Affected Versions** PbootCMS versions prior to 3.2.12 **Description** A weakness exists in PbootCMS that allows for cross site scripting. This issue impacts the `alert location` function within the `apps/home/controller/MemberController.php` file, specifically related to the Parameter Handler component. Manipulation of the `backurl` argument can lead to exploitation. The exploit has been publicly released, potentially enabling attacks. **Recommendations** Update PbootCMS to a version newer than 3.2.12. As a temporary workaround, consider restricting access to the `alert location` function within the `apps/home/controller/MemberController.php` file until a patch is available.

**Name of the Vulnerable Software and Affected Versions** PbootCMS versions up to 3.2.12 **Description** A flaw exists in PbootCMS that may allow for improper access controls. This issue is related to functionality within the `apps/admin/controller/system/UserController.php` file of the Backend component. Exploitation involves manipulating the `Field` argument, and the attack can be performed remotely. The exploit has been published. **Recommendations** Versions prior to 3.2.12 are affected. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** PbootCMS versions prior to 3.2.12 **Description** A flaw exists in PbootCMS up to version 3.2.12 related to the manipulation of the `Username` argument within the `checkUsername` function located in the file `apps/home/controller/MemberController.php` of the Member Login component. This can lead to a SQL injection. The attack can be initiated remotely. **Recommendations** Update PbootCMS to a version later than 3.2.12.