CVE-2026-4509

Exploit

EPSS 0.05%
Veröffentlicht 21.03.2026 06:02:10
Zuletzt bearbeitet 23.03.2026 14:31:37
Quelle cna@vuldb.com
CVE-Watchlists
Login
Unerledigt
Login

A security flaw has been discovered in PbootCMS up to 3.2.12. This affects an unknown function of the file core/function/file.php of the component File Upload. The manipulation of the argument black results in incomplete blacklist. The attack may be launched remotely. The exploit has been released to the public and may be used for attacks.

Betroffene Produkte Warnungen 0 Metriken 4 CWE 2 Referenzen 7

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

Diese Information steht angemeldeten Benutzern zur Verfügung.

Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).

Herstellern/a

≫

Produkt PbootCMS

Version 3.2.0

Status affected

Version 3.2.1

Status affected

Version 3.2.2

Status affected

Version 3.2.3

Status affected

Version 3.2.4

Status affected

Version 3.2.5

Status affected

Version 3.2.6

Status affected

Version 3.2.7

Status affected

Version 3.2.8

Status affected

Version 3.2.9

Status affected

Version 3.2.10

Status affected

Version 3.2.11

Status affected

Version 3.2.12

Status affected

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.05%	0.169

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
cna@vuldb.com	6.3	2.8	3.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
cna@vuldb.com	5.3	0	0	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
cna@vuldb.com	6.5	8	6.4	AV:N/AC:L/Au:S/C:P/I:P/A:P

CWE-183 Permissive List of Allowed Inputs

The product implements a protection mechanism that relies on a list of inputs (or properties of inputs) that are explicitly allowed by policy because the inputs are assumed to be safe, but the list is too permissive - that is, it allows an input that is unsafe, leading to resultant weaknesses.

CWE-184 Incomplete List of Disallowed Inputs

The product implements a protection mechanism that relies on a list of inputs (or properties of inputs) that are not allowed by policy or otherwise require other action to neutralize before additional processing takes place, but the list is incomplete.

https://vuldb.com/?id.352075

https://vuldb.com/?ctiid.352075

https://vuldb.com/?submit.773901

https://github.com/zzj-create/cvetest/blob/main/VULN-04_DANGEROUS_FILE_UPLOAD_REPORT_EN.md

https://nvd.nist.gov/vuln/detail/CVE-2026-4509

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2026-4509

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2026-4509

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2026-4509