CVE-2026-4514

Name of the Vulnerable Software and Affected Versions PbootCMS versions up to 3.2.12

Description A flaw exists in PbootCMS that may allow for improper access controls. This issue is related to functionality within the apps/admin/controller/system/UserController.php file of the Backend component. Exploitation involves manipulating the Field argument, and the attack can be performed remotely. The exploit has been published.

Recommendations Versions prior to 3.2.12 are affected. At the moment, there is no information about a newer version that contains a fix for this vulnerability.