CVE-2026-12066
PbootCMS Password MemberController.php retrieve password recovery
CVSS Score
7.3
EPSS Score
0.0%
EPSS Percentile
0th
A security flaw has been discovered in PbootCMS up to 3.2.12. This vulnerability affects the function retrieve of the file apps/home/controller/MemberController.php of the component Password Handler. The manipulation of the argument username/password/email/checkcode results in weak password recovery. It is possible to launch the attack remotely. The exploit has been released to the public and may be used for attacks.
| CWE | CWE-640 |
| Vendor | n/a |
| Product | pbootcms |
| Published | Jun 12, 2026 |
| Last Updated | Jun 12, 2026 |
Stay Ahead of the Next One
Get instant alerts for n/a pbootcms
Be the first to know when new high vulnerabilities affecting n/a pbootcms are published โ delivered to Slack, Telegram or Discord.
Get Free Alerts โ
Free ยท No credit card ยท 60 sec setup
CVSS v3 Breakdown
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Affected Versions
n/a / PbootCMS
3.2.0 3.2.1 3.2.2 3.2.3 3.2.4 3.2.5 3.2.6 3.2.7 3.2.8 3.2.9 3.2.10 3.2.11 3.2.12
References
vuldb.com: https://vuldb.com/vuln/370561 vuldb.com: https://vuldb.com/vuln/370561/cti vuldb.com: https://vuldb.com/cve/CVE-2026-12066 vuldb.com: https://vuldb.com/submit/828374 github.com: https://github.com/pbootcmspro/PbootCMS/issues/38 github.com: https://github.com/yunyan05/MYCVE/tree/main/PbootCMS/V3.2.12-Account-Takeover
Credits
๐ yunyan05 (VulDB User)