GHSA-4rj6-94pr-r3h5MediumCVSS 7.3
A security flaw has been discovered in PbootCMS up to 3.2.12. This vulnerability affects the...
🔗 CVE IDs covered (1)
📋 Description
A security flaw has been discovered in PbootCMS up to 3.2.12. This vulnerability affects the function retrieve of the file apps/home/controller/MemberController.php of the component Password Handler. The manipulation of the argument username/password/email/checkcode results in weak password recovery. It is possible to launch the attack remotely. The exploit has been released to the public and may be used for attacks.
🔗 References (8)
- https://nvd.nist.gov/vuln/detail/CVE-2026-12066
- https://github.com/pbootcmspro/PbootCMS/issues/38
- https://github.com/yunyan05/MYCVE/tree/main/PbootCMS/V3.2.12-Account-Takeover
- https://vuldb.com/cve/CVE-2026-12066
- https://vuldb.com/submit/828374
- https://vuldb.com/vuln/370561
- https://vuldb.com/vuln/370561/cti
- https://github.com/advisories/GHSA-4rj6-94pr-r3h5