CVE-2026-12066 | PbootCMS up to 3.2.12 Password MemberController.php retrieve username/password/email/checkcode password recovery (Issue 38)

Inserito da Angelo Barbosa | Giu 12, 2026 | CVE

A vulnerability categorized as critical has been discovered in PbootCMS up to 3.2.12. This vulnerability affects the function retrieve of the file apps/home/controller/MemberController.php of the component Password Handler. The manipulation of the argument username/password/email/checkcode results in weak password recovery.

This vulnerability is known as CVE-2026-12066. It is possible to launch the attack remotely. Furthermore, an exploit is available.

CVE-2026-12066 | PbootCMS up to 3.2.12 Password MemberController.php retrieve username/password/email/checkcode password recovery (Issue 38)

Post correlati

CVE-2024-6405 | Floating Social Buttons Plugin up to 1.5 on WordPress cross-site request forgery

CVE-2026-3629 | carazo Import and Export Users and Customers Plugin up to 1.29.7 on WordPress save_extra_user_profile_fields privileges management

CVE-2024-9325 | Intelbras InControl up to 2.21.56 incontrol-service-watchdog.exe unquoted search path

CVE-2025-4035 | GNOME libsoup Cookie Domain