CVE-2026-36239

MEDIUM

PbootCMS 3.2.11 - Code Injection in Site Configuration

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2026-36239. PoCs published by TazmiDev.

AI-analyzed exploit summary The repository contains a functional exploit for CVE-2026-36239, an authenticated RCE vulnerability in PbootCMS v3.2.12. The exploit leverages insecure deserialization in the `decode_string()` function to inject PHP code via the site configuration's 'Footer Information' field, leading to arbitrary code execution.

Description

PbootCMS v.3.2.11 contains a code injection vulnerability in its site configuration functionality

Exploits (1)

github WORKING POC

by TazmiDev · pythonpoc

https://github.com/TazmiDev/CVE-2026-36239

View Code ZIP pw:eip

The repository contains a functional exploit for CVE-2026-36239, an authenticated RCE vulnerability in PbootCMS v3.2.12. The exploit leverages insecure deserialization in the `decode_string()` function to inject PHP code via the site configuration's 'Footer Information' field, leading to arbitrary code execution.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: PbootCMS v3.2.12

Auth required

Prerequisites: Authenticated admin access to PbootCMS backend · Target server with vulnerable PbootCMS version

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1059 - Command and Scripting Interpreter T1203 - Exploitation for Client Execution

devstral-2 · analyzed May 27, 2026 Full analysis →

References (3)

Core 3

Core References

http://pbootcms.com

http://hunan.com

https://github.com/TazmiDev/CVE-2026-36239

Scores

CVSS v3 4.3

EPSS 0.0003

EPSS Percentile 10.1%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-79

Status published

Published May 26, 2026

Tracked Since May 27, 2026