CVE-2020-19248

Name of the Vulnerable Software and Affected Versions PbootCMS version 1.4.1

Description The issue allows a malicious user to contaminate template content by searching for page contamination URLs, thus triggering vulnerabilities when the program uses eval statements to parse templates. This is due to a SQL Injection vulnerability in parsing if statements in templates.

Recommendations For PbootCMS version 1.4.1, consider disabling the use of eval statements in template parsing until a patch is available. Restrict access to template content to minimize the risk of exploitation. Avoid using contaminated URLs in the affected templates until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.