← back
CVE-2026-4508

PbootCMS Member Login MemberController.php checkUsername sql injection

CVSS 6.9 MEDIUMEPSS 0.3%CWE-74CWE-89
Vexday Risk Score
13Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 6.9EPSS 0.3%KEV nãoPoC Nuclei Metasploit Patch
Lifecycle
20 Mar 2026Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
A vulnerability was identified in PbootCMS up to 3.2.12. The impacted element is the function checkUsername of the file apps/home/controller/MemberController.php of the component Member Login. The manipulation of the argument Username leads to sql injection. The attack may be initiated remotely. The exploit is publicly available and might be used.
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P
Affected products
n/a · PbootCMS