How severe is CVE-2025-15154?

CVE-2025-15154 has a CVSS v3 score of 5.3 (MEDIUM).

CVE-2025-15154

Name: pbootcms
Author: pbootcms

5.3MEDIUM

A security vulnerability has been detected in PbootCMS up to 3.2.12. The affected element is the function get_user_ip of the file core/function/handle.php of the component Header Handler. The manipula

发布于: 12/28/2025更新于: 12/30/2025

描述

A security vulnerability has been detected in PbootCMS up to 3.2.12. The affected element is the function get_user_ip of the file core/function/handle.php of the component Header Handler. The manipulation of the argument X-Forwarded-For leads to use of less trusted source. The attack can be initiated remotely. The exploit has been disclosed publicly and may be used.

AI分析AI驱动

受影响产品

pbootcmspbootcms

参考资料

https://note-hxlab.wetolink.com/share/JyBNgF8JagWQ
ExploitThird Party Advisory
https://vuldb.com/?ctiid.338532
Permissions RequiredVDB Entry
https://vuldb.com/?id.338532
Third Party AdvisoryVDB Entry
https://vuldb.com/?submit.719818
Third Party AdvisoryVDB Entry