CVE-2026-4514

MEDIUM NVD

CVSS Score 6.3

Severity MEDIUM

Published Mar 21, 2026

Vendor unknown

Description

A flaw has been found in PbootCMS up to 3.2.12. Affected by this issue is some unknown functionality of the file apps/admin/controller/system/UserController.php of the component Backend. Executing a manipulation of the argument Field can lead to improper access controls. The attack may be performed from remote. The exploit has been published and may be used.

References

https://github.com/zzj-create/cvetest/blob/main/VULN-06_BACKEND_ARBITRARY_FIELD_MODIFICATION_REPORT_EN.md#vuln-06-pbootcms-3212-backend-arbitrary-field-modification
https://vuldb.com/?ctiid.352079
https://vuldb.com/?id.352079
https://vuldb.com/?submit.773907