Home

Description

A vulnerability was found in Bootstrap CMS 0.9.0-alpha. Affected is an unknown function of the file resources/views/pages/show.blade.php of the component Page Creation Handler. Performing a manipulation of the argument body results in code injection. Remote exploitation of the attack is possible. The exploit has been made public and could be used. The code repository of the project has not been active for many years. This vulnerability only affects products that are no longer supported by the maintainer.

PUBLISHED Reserved 2026-04-30 | Published 2026-04-30 | Updated 2026-04-30 | Assigner VulDB




MEDIUM: 5.3CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P
MEDIUM: 6.3CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R
MEDIUM: 6.3CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R
6.5AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR

Problem types

Code Injection

Injection

Product status

0.9.0-alpha
affected

Timeline

2026-04-30:Advisory disclosed
2026-04-30:VulDB entry created
2026-04-30:VulDB entry last update

Credits

fortuneh2c (VulDB User) reporter

VulDB CNA Team coordinator

References

vuldb.com/vuln/360316 (VDB-360316 | Bootstrap CMS Page Creation show.blade.php code injection) vdb-entry technical-description

vuldb.com/vuln/360316/cti (VDB-360316 | CTI Indicators (IOB, IOC, TTP, IOA)) signature permissions-required

vuldb.com/submit/803531 (Submit #803531 | Bootstrap CMS v0.9.0-alpha Bootstrap CMS) third-party-advisory

www.yuque.com/fortune-toq55/giqwnb/ra0b34kzmqn8e0m1 exploit

cve.org (CVE-2026-7508)

nvd.nist.gov (CVE-2026-7508)

Download JSON