PT-2026-26881 · Pbootcms · Pbootcms
Zmjjkk
·
Published
2026-03-21
·
Updated
2026-03-21
·
CVE-2026-4509
CVSS v2.0
6.5
Medium
| Vector | AV:N/AC:L/Au:S/C:P/I:P/A:P |
Name of the Vulnerable Software and Affected Versions
PbootCMS versions prior to 3.2.13
Description
A security flaw exists in PbootCMS up to version 3.2.12 related to incomplete blacklist handling within the File Upload component. The issue resides in the file
core/function/file.php and involves manipulation of the black argument. This allows for remote attacks. The exploit has been publicly released.Recommendations
Update PbootCMS to version 3.2.13 or later.
Exploit
Fix
Incomplete List of Disallowed Inputs
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Pbootcms