CVE-2026-4514 MEDIUM

CVE-2026-4514: PbootCMS Backend UserController.php access control

Vendor N/A
Product PbootCMS
Weakness CWE-284
Published March 21, 2026
Last update March 23, 2026
View on NVD All CVEs

CVSS base score

5.3/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P

What the vulnerability does

Description

A flaw has been found in PbootCMS up to 3.2.12. Affected by this issue is some unknown functionality of the file apps/admin/controller/system/UserController.php of the component Backend. Executing a manipulation of the argument Field can lead to improper access controls. The attack may be performed from remote. The exploit has been published and may be used.

Key dates

Disclosure timeline

March 21, 2026 CVE published
March 23, 2026 Record updated