Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2026-12066

Summary
Assigner-VulDB
Assigner Org ID-1af790b2-7ee1-4545-860a-a788eba489b5
Published At-12 Jun, 2026 | 13:00
Updated At-12 Jun, 2026 | 13:34
Rejected At-
Credits

PbootCMS Password MemberController.php retrieve password recovery

A security flaw has been discovered in PbootCMS up to 3.2.12. This vulnerability affects the function retrieve of the file apps/home/controller/MemberController.php of the component Password Handler. The manipulation of the argument username/password/email/checkcode results in weak password recovery. It is possible to launch the attack remotely. The exploit has been released to the public and may be used for attacks.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
â–¼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:VulDB
Assigner Org ID:1af790b2-7ee1-4545-860a-a788eba489b5
Published At:12 Jun, 2026 | 13:00
Updated At:12 Jun, 2026 | 13:34
Rejected At:
â–¼CVE Numbering Authority (CNA)
PbootCMS Password MemberController.php retrieve password recovery

A security flaw has been discovered in PbootCMS up to 3.2.12. This vulnerability affects the function retrieve of the file apps/home/controller/MemberController.php of the component Password Handler. The manipulation of the argument username/password/email/checkcode results in weak password recovery. It is possible to launch the attack remotely. The exploit has been released to the public and may be used for attacks.

Affected Products
Vendor
n/a
Product
PbootCMS
CPEs
  • cpe:2.3:a:pbootcms:pbootcms:*:*:*:*:*:*:*:*
Modules
  • Password Handler
Versions
Affected
  • 3.2.0
  • 3.2.1
  • 3.2.2
  • 3.2.3
  • 3.2.4
  • 3.2.5
  • 3.2.6
  • 3.2.7
  • 3.2.8
  • 3.2.9
  • 3.2.10
  • 3.2.11
  • 3.2.12
Problem Types
TypeCWE IDDescription
CWECWE-640Weak Password Recovery
Type: CWE
CWE ID: CWE-640
Description: Weak Password Recovery
Metrics
VersionBase scoreBase severityVector
4.06.9MEDIUM
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P
3.17.3HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R
3.07.3HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R
2.07.5N/A
AV:N/AC:L/Au:N/C:P/I:P/A:P/E:POC/RL:ND/RC:UR
Version: 4.0
Base score: 6.9
Base severity: MEDIUM
Vector:
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P
Version: 3.1
Base score: 7.3
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R
Version: 3.0
Base score: 7.3
Base severity: HIGH
Vector:
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R
Version: 2.0
Base score: 7.5
Base severity: N/A
Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P/E:POC/RL:ND/RC:UR
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
reporter
yunyan05 (VulDB User)
Timeline
EventDate
Advisory disclosed2026-06-12 00:00:00
VulDB entry created2026-06-12 02:00:00
VulDB entry last update2026-06-12 09:46:03
Event: Advisory disclosed
Date: 2026-06-12 00:00:00
Event: VulDB entry created
Date: 2026-06-12 02:00:00
Event: VulDB entry last update
Date: 2026-06-12 09:46:03
Replaced By
Rejected Reason
References
HyperlinkResource
https://vuldb.com/vuln/370561
vdb-entry
technical-description
https://vuldb.com/vuln/370561/cti
signature
permissions-required
https://vuldb.com/cve/CVE-2026-12066
third-party-advisory
https://vuldb.com/submit/828374
third-party-advisory
https://github.com/pbootcmspro/PbootCMS/issues/38
issue-tracking
https://github.com/yunyan05/MYCVE/tree/main/PbootCMS/V3.2.12-Account-Takeover
exploit
Hyperlink: https://vuldb.com/vuln/370561
Resource:
vdb-entry
technical-description
Hyperlink: https://vuldb.com/vuln/370561/cti
Resource:
signature
permissions-required
Hyperlink: https://vuldb.com/cve/CVE-2026-12066
Resource:
third-party-advisory
Hyperlink: https://vuldb.com/submit/828374
Resource:
third-party-advisory
Hyperlink: https://github.com/pbootcmspro/PbootCMS/issues/38
Resource:
issue-tracking
Hyperlink: https://github.com/yunyan05/MYCVE/tree/main/PbootCMS/V3.2.12-Account-Takeover
Resource:
exploit
â–¼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
â–¼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cna@vuldb.com
Published At:12 Jun, 2026 | 14:16
Updated At:12 Jun, 2026 | 16:16

A security flaw has been discovered in PbootCMS up to 3.2.12. This vulnerability affects the function retrieve of the file apps/home/controller/MemberController.php of the component Password Handler. The manipulation of the argument username/password/email/checkcode results in weak password recovery. It is possible to launch the attack remotely. The exploit has been released to the public and may be used for attacks.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary4.05.5MEDIUM
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary3.17.3HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Secondary2.07.5HIGH
AV:N/AC:L/Au:N/C:P/I:P/A:P
Type: Secondary
Version: 4.0
Base score: 5.5
Base severity: MEDIUM
Vector:
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Type: Primary
Version: 3.1
Base score: 7.3
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Type: Secondary
Version: 2.0
Base score: 7.5
Base severity: HIGH
Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P
CPE Matches
Weaknesses
CWE IDTypeSource
CWE-640Primarycna@vuldb.com
CWE ID: CWE-640
Type: Primary
Source: cna@vuldb.com
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://github.com/pbootcmspro/PbootCMS/issues/38cna@vuldb.com
N/A
https://github.com/yunyan05/MYCVE/tree/main/PbootCMS/V3.2.12-Account-Takeovercna@vuldb.com
N/A
https://vuldb.com/cve/CVE-2026-12066cna@vuldb.com
N/A
https://vuldb.com/submit/828374cna@vuldb.com
N/A
https://vuldb.com/vuln/370561cna@vuldb.com
N/A
https://vuldb.com/vuln/370561/cticna@vuldb.com
N/A
Hyperlink: https://github.com/pbootcmspro/PbootCMS/issues/38
Source: cna@vuldb.com
Resource: N/A
Hyperlink: https://github.com/yunyan05/MYCVE/tree/main/PbootCMS/V3.2.12-Account-Takeover
Source: cna@vuldb.com
Resource: N/A
Hyperlink: https://vuldb.com/cve/CVE-2026-12066
Source: cna@vuldb.com
Resource: N/A
Hyperlink: https://vuldb.com/submit/828374
Source: cna@vuldb.com
Resource: N/A
Hyperlink: https://vuldb.com/vuln/370561
Source: cna@vuldb.com
Resource: N/A
Hyperlink: https://vuldb.com/vuln/370561/cti
Source: cna@vuldb.com
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

15Records found
CVE-2022-23855
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-1.71% / 74.41%
||
7 Day CHG~0.00%
Published-24 Jan, 2022 | 01:43
Updated-03 Aug, 2024 | 03:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in Saviynt Enterprise Identity Cloud (EIC) 5.5 SP2.x. An authentication bypass in ECM/maintenance/forgotpasswordstep1 allows an unauthenticated user to reset passwords and login as any local account.

Action-Not Available
Vendor-saviyntn/a
Product-enterprise_identity_cloudn/a
CWE ID-CWE-640
Weak Password Recovery Mechanism for Forgotten Password
CVE-2019-18818
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-97.64% / 99.89%
||
7 Day CHG~0.00%
Published-07 Nov, 2019 | 21:02
Updated-05 Aug, 2024 | 02:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

strapi before 3.0.0-beta.17.5 mishandles password resets within packages/strapi-admin/controllers/Auth.js and packages/strapi-plugin-users-permissions/controllers/Auth.js.

Action-Not Available
Vendor-n/aStrapi, Inc.
Product-strapin/a
CWE ID-CWE-640
Weak Password Recovery Mechanism for Forgotten Password
CVE-2021-36209
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-1.03% / 59.26%
||
7 Day CHG~0.00%
Published-06 Aug, 2021 | 13:19
Updated-04 Aug, 2024 | 00:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In JetBrains Hub before 2021.1.13389, account takeover was possible during password reset.

Action-Not Available
Vendor-n/aJetBrains s.r.o.
Product-hubn/a
CWE ID-CWE-640
Weak Password Recovery Mechanism for Forgotten Password
CVE-2015-5172
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-9.8||CRITICAL
EPSS-1.17% / 63.28%
||
7 Day CHG~0.00%
Published-24 Oct, 2017 | 17:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cloud Foundry Runtime cf-release before 216, UAA before 2.5.2, and Pivotal Cloud Foundry (PCF) Elastic Runtime before 1.7.0 allow attackers to have unspecified impact by leveraging failure to expire password reset links.

Action-Not Available
Vendor-n/aCloud FoundryVMware (Broadcom Inc.)
Product-cloud_foundry_uaacf-releasecloud_foundry_elastic_runtimen/a
CWE ID-CWE-640
Weak Password Recovery Mechanism for Forgotten Password
CVE-2021-28293
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-1.59% / 72.56%
||
7 Day CHG~0.00%
Published-08 Jun, 2021 | 18:00
Updated-03 Aug, 2024 | 21:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Seceon aiSIEM before 6.3.2 (build 585) is prone to an unauthenticated account takeover vulnerability in the Forgot Password feature. The lack of correct configuration leads to recovery of the password reset link generated via the password reset functionality, and thus an unauthenticated attacker can set an arbitrary password for any user.

Action-Not Available
Vendor-seceonn/a
Product-aisiemn/a
CWE ID-CWE-640
Weak Password Recovery Mechanism for Forgotten Password
CVE-2021-22731
Matching Score-4
Assigner-Schneider Electric
ShareView Details
Matching Score-4
Assigner-Schneider Electric
CVSS Score-9.8||CRITICAL
EPSS-1.40% / 69.01%
||
7 Day CHG~0.00%
Published-26 May, 2021 | 19:19
Updated-03 Aug, 2024 | 18:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Weak Password Recovery Mechanism for Forgotten Password vulnerability exists on Modicon Managed Switch MCSESM* and MCSESP* V8.21 and prior which could cause an unauthorized password change through HTTP / HTTPS when basic user information is known by a remote attacker.

Action-Not Available
Vendor-n/a
Product-mcsesm083f23f0hmcsesp083f23g0t_firmwaremcsesm083f23f0_firmwaremcsesp083f23g0tmcsesm063f2cu0mcsesm063f2cs0_firmwaremcsesm103f2cu0mcsesm123f2lg0mcsesp083f23g0_firmwaremcsesm103f2cu0hmcsesm053f1cu0_firmwaremcsesm103f2cs0hmcsesm093f1cu0_firmwaremcsesm093f1cu0mcsesm043f23f0_firmwaremcsesm093f1cs0_firmwaremcsesm053f1cu0mcsesm043f23f0mcsesm103f2cs0_firmwaremcsesm103f2cs0h_firmwaremcsesm083f23f0h_firmwaremcsesm083f23f0mcsesm063f2cu0_firmwaremcsesm123f2lg0_firmwaremcsesm053f1cs0_firmwaremcsesp083f23g0mcsesm063f2cs0mcsesm103f2cu0_firmwaremcsesm103f2cu0h_firmwaremcsesm093f1cs0mcsesm103f2cs0mcsesm053f1cs0Modicon Managed Switch MCSESM* and MCSESP* V8.21 and prior
CWE ID-CWE-640
Weak Password Recovery Mechanism for Forgotten Password
CVE-2012-5686
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-4.76% / 90.74%
||
7 Day CHG~0.00%
Published-04 Feb, 2020 | 13:30
Updated-06 Aug, 2024 | 21:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

ZPanel 10.0.1 has insufficient entropy for its password reset process.

Action-Not Available
Vendor-zpanelcpn/a
Product-zpaneln/a
CWE ID-CWE-640
Weak Password Recovery Mechanism for Forgotten Password
CWE ID-CWE-798
Use of Hard-coded Credentials
CVE-2020-27179
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-1.28% / 66.23%
||
7 Day CHG~0.00%
Published-27 Oct, 2020 | 04:21
Updated-04 Aug, 2024 | 16:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

konzept-ix publiXone before 2020.015 allows attackers to take over arbitrary user accounts by crafting password-reset tokens.

Action-Not Available
Vendor-konzept-ixn/a
Product-publixonen/a
CWE ID-CWE-640
Weak Password Recovery Mechanism for Forgotten Password
CVE-2018-19488
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-4.13% / 89.51%
||
7 Day CHG~0.00%
Published-17 Mar, 2019 | 21:37
Updated-05 Aug, 2024 | 11:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The WP-jobhunt plugin before version 2.4 for WordPress does not control AJAX requests sent to the cs_reset_pass() function through the admin-ajax.php file, which allows remote unauthenticated attackers to reset the password of a user's account.

Action-Not Available
Vendor-wp-jobhunt_projectn/a
Product-wp-jobhuntn/a
CWE ID-CWE-640
Weak Password Recovery Mechanism for Forgotten Password
CVE-2018-1000501
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-1.59% / 72.49%
||
7 Day CHG~0.00%
Published-26 Jun, 2018 | 16:00
Updated-05 Aug, 2024 | 12:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Instant Update CMS contains a Password Reset Vulnerability vulnerability in /iu-application/controllers/administration/auth.php that can result in Account Tackover. This attack appear to be exploitable via network connectivity. This vulnerability appears to have been fixed in v0.3.3.

Action-Not Available
Vendor-instant-updaten/a
Product-instant_update_cmsn/a
CWE ID-CWE-640
Weak Password Recovery Mechanism for Forgotten Password
CVE-2020-28186
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.3||HIGH
EPSS-4.13% / 89.51%
||
7 Day CHG~0.00%
Published-24 Dec, 2020 | 14:30
Updated-04 Aug, 2024 | 16:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Email Injection in TerraMaster TOS <= 4.2.06 allows remote unauthenticated attackers to abuse the forget password functionality and achieve account takeover.

Action-Not Available
Vendor-terra-mastern/a
Product-tosn/a
CWE ID-CWE-640
Weak Password Recovery Mechanism for Forgotten Password
CVE-2019-17392
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-1.09% / 61.04%
||
7 Day CHG~0.00%
Published-26 Nov, 2019 | 17:30
Updated-05 Aug, 2024 | 01:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Progress Sitefinity 12.1 has a Weak Password Recovery Mechanism for a Forgotten Password because the HTTP Host header is mishandled.

Action-Not Available
Vendor-n/aProgress Software Corporation
Product-sitefinityn/a
CWE ID-CWE-640
Weak Password Recovery Mechanism for Forgotten Password
CVE-2022-27157
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-1.12% / 61.97%
||
7 Day CHG~0.00%
Published-15 Apr, 2022 | 18:00
Updated-03 Aug, 2024 | 05:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

pearweb < 1.32 is suffers from a Weak Password Recovery Mechanism via include/users/passwordmanage.php.

Action-Not Available
Vendor-n/aThe PHP Group
Product-pearwebn/a
CWE ID-CWE-640
Weak Password Recovery Mechanism for Forgotten Password
CVE-2022-1073
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-7.3||HIGH
EPSS-0.78% / 51.02%
||
7 Day CHG~0.00%
Published-29 Mar, 2022 | 05:50
Updated-15 Apr, 2025 | 14:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Automatic Question Paper Generator password recovery

A vulnerability was found in Automatic Question Paper Generator 1.0. It has been declared as critical. An attack leads to privilege escalation. The attack can be launched remotely.

Action-Not Available
Vendor-automatic_question_paper_generator_system_projectunspecified
Product-automatic_question_paper_generator_systemAutomatic Question Paper Generator
CWE ID-CWE-640
Weak Password Recovery Mechanism for Forgotten Password
CVE-2017-2766
Matching Score-4
Assigner-Dell
ShareView Details
Matching Score-4
Assigner-Dell
CVSS Score-9.8||CRITICAL
EPSS-1.63% / 73.21%
||
7 Day CHG~0.00%
Published-03 Feb, 2017 | 07:24
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

EMC Documentum eRoom version 7.4.4, EMC Documentum eRoom version 7.4.4 SP1, EMC Documentum eRoom version prior to 7.4.5 P04, EMC Documentum eRoom version prior to 7.5.0 P01 includes an unverified password change vulnerability that could potentially be exploited by malicious users to compromise the affected system.

Action-Not Available
Vendor-n/aELAN Microelectronics Corporation
Product-documentum_eroomEMC Documentum eRoom EMC Documentum eRoom version 7.4.4, EMC Documentum eRoom version 7.4.4 SP1, EMC Documentum eRoom version prior to 7.4.5 P04, EMC Documentum eRoom version prior to 7.5.0 P01
CWE ID-CWE-640
Weak Password Recovery Mechanism for Forgotten Password
Details not found