PbootCMS Password MemberController.php retrieve password recovery_CVE-2026-12066

6.9 / 10

MEDIUM

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P

Description

A security flaw has been discovered in PbootCMS up to 3.2.12. This vulnerability affects the function retrieve of the file apps/home/controller/MemberController.php of the component Password Handler. The manipulation of the argument username/password/email/checkcode results in weak password recovery. It is possible to launch the attack remotely. The exploit has been released to the public and may be used for attacks.

Basic Information

ID CVE-2026-12066

Source VulDB

Published Jun 12, 2026 at 13:00

Affected Product

Vendor n/a

Product PbootCMS

Version 3.2.0

Affected Versions n/a PbootCMS 3.2.0
n/a PbootCMS 3.2.1
n/a PbootCMS 3.2.2
n/a PbootCMS 3.2.3
n/a PbootCMS 3.2.4
n/a PbootCMS 3.2.5
n/a PbootCMS 3.2.6
n/a PbootCMS 3.2.7
n/a PbootCMS 3.2.8
n/a PbootCMS 3.2.9
n/a PbootCMS 3.2.10
n/a PbootCMS 3.2.11
n/a PbootCMS 3.2.12

CWE Classification

CWE-640

References

{
    "lastseen": "",
    "description": "A security flaw has been discovered in PbootCMS up to 3.2.12. This vulnerability affects the function retrieve of the file apps/home/controller/MemberController.php of the component Password Handler. The manipulation of the argument username/password/email/checkcode results in weak password recovery. It is possible to launch the attack remotely. The exploit has been released to the public and may be used for attacks.",
    "published": "2026-06-12T13:00:07.936Z",
    "modified": "2026-06-12T13:00:07.936Z",
    "type": "cve",
    "title": "PbootCMS Password MemberController.php retrieve password recovery",
    "source": "VulDB",
    "references": "https://vuldb.com/vuln/370561\nhttps://vuldb.com/vuln/370561/cti\nhttps://vuldb.com/cve/CVE-2026-12066\nhttps://vuldb.com/submit/828374\nhttps://github.com/pbootcmspro/PbootCMS/issues/38\nhttps://github.com/yunyan05/MYCVE/tree/main/PbootCMS/V3.2.12-Account-Takeover",
    "id": "CVE-2026-12066",
    "bulletinFamily": "",
    "cwe": [
        "CWE-640"
    ],
    "cvelist": null,
    "sourceData": "n/a PbootCMS 3.2.0\nn/a PbootCMS 3.2.1\nn/a PbootCMS 3.2.2\nn/a PbootCMS 3.2.3\nn/a PbootCMS 3.2.4\nn/a PbootCMS 3.2.5\nn/a PbootCMS 3.2.6\nn/a PbootCMS 3.2.7\nn/a PbootCMS 3.2.8\nn/a PbootCMS 3.2.9\nn/a PbootCMS 3.2.10\nn/a PbootCMS 3.2.11\nn/a PbootCMS 3.2.12",
    "sourceHref": "",
    "cvss": {
        "score": 6.9,
        "severity": "MEDIUM",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "PbootCMS",
    "version": "3.2.0",
    "vendor": "n/a",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}