CVE-2026-12066

Exploit

EPSS 0.29%
Veröffentlicht 12.06.2026 13:00:07
Zuletzt bearbeitet 12.06.2026 16:16:27
Quelle cna@vuldb.com
CVE-Watchlists
Login
Unerledigt
Login

PbootCMS Password MemberController.php retrieve password recovery

A security flaw has been discovered in PbootCMS up to 3.2.12. This vulnerability affects the function retrieve of the file apps/home/controller/MemberController.php of the component Password Handler. The manipulation of the argument username/password/email/checkcode results in weak password recovery. It is possible to launch the attack remotely. The exploit has been released to the public and may be used for attacks.

Betroffene Produkte Warnungen 0 Metriken 4 CWE 1 Referenzen 9

CNA 1 VulnDex Vulnerability Enrichment 1

Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).

Herstellern/a

≫

Produkt PbootCMS

Version 3.2.0

Status affected

Version 3.2.1

Status affected

Version 3.2.2

Status affected

Version 3.2.3

Status affected

Version 3.2.4

Status affected

Version 3.2.5

Status affected

Version 3.2.6

Status affected

Version 3.2.7

Status affected

Version 3.2.8

Status affected

Version 3.2.9

Status affected

Version 3.2.10

Status affected

Version 3.2.11

Status affected

Version 3.2.12

Status affected

VulnDex Vulnerability Enrichment

Diese Information steht angemeldeten Benutzern zur Verfügung.

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.29%	0.203

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
cna@vuldb.com	7.3	3.9	3.4	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
cna@vuldb.com	5.5	0	0	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
cna@vuldb.com	7.5	10	6.4	AV:N/AC:L/Au:N/C:P/I:P/A:P

CWE-640 Weak Password Recovery Mechanism for Forgotten Password

The product contains a mechanism for users to recover or change their passwords without knowing the original password, but the mechanism is weak.

https://vuldb.com/vuln/370561

https://vuldb.com/vuln/370561/cti

https://vuldb.com/cve/CVE-2026-12066

https://vuldb.com/submit/828374

https://github.com/pbootcmspro/PbootCMS/issues/38

https://github.com/yunyan05/MYCVE/tree/main/PbootCMS/V3.2.12-Account-Takeover

https://nvd.nist.gov/vuln/detail/CVE-2026-12066

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2026-12066

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2026-12066

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2026-12066