CVE-2020-19248

MEDIUM

pbootcms < 1.4.1 - SQL Injection via Template If Statement Parsing

Title source: llm
STIX 2.1

Description

SQL Injection vulnerability in PbootCMS 1.4.1 in parsing if statements in templates, resulting in a malicious user's ability to contaminate template content by searching for page contamination URLs, thus triggering vulnerabilities when the program uses eval statements to parse templates.

Scores

CVSS v3 5.1
EPSS 0.0024
EPSS Percentile 15.7%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

CISA SSVC

Vulnrichment
Exploitation poc
Automatable no
Technical Impact total

Details

CWE
CWE-89
Status published
Products (1)
pbootcms/pbootcms < 1.4.1
Published Feb 21, 2025
Tracked Since Feb 18, 2026