5.5

CVE-2025-15154

Exploit

PbootCMS Header handle.php get_user_ip less trusted source

A security vulnerability has been detected in PbootCMS up to 3.2.12. The affected element is the function get_user_ip of the file core/function/handle.php of the component Header Handler. The manipulation of the argument X-Forwarded-For leads to use of less trusted source. The attack can be initiated remotely. The exploit has been disclosed publicly and may be used.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
PbootcmsPbootcms Version <= 3.2.12
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.22% 0.117
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
cna@vuldb.com 5.3 3.9 1.4
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
cna@vuldb.com 5.5 0 0
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
cna@vuldb.com 5 10 2.9
AV:N/AC:L/Au:N/C:N/I:P/A:N
CWE-345 Insufficient Verification of Data Authenticity

The product does not sufficiently verify the origin or authenticity of data, in a way that causes it to accept invalid data.

CWE-348 Use of Less Trusted Source

The product has two different sources of the same data or information, but it uses the source that has less support for verification, is less trusted, or is less resistant to attack.

https://vuldb.com/?id.338532
Third Party Advisory
VDB Entry
https://vuldb.com/?ctiid.338532
VDB Entry
Permissions Required
https://vuldb.com/?submit.719818
Third Party Advisory
VDB Entry
https://note-hxlab.wetolink.com/share/JyBNgF8JagWQ
Third Party Advisory
Exploit