CVE-2026-7508
Received Received - Intake
Code Injection in Bootstrap CMS Page Creation

Publication date: 2026-04-30

Last updated on: 2026-04-30

Assigner: VulDB

Description
A vulnerability was found in Bootstrap CMS 0.9.0-alpha. Affected is an unknown function of the file resources/views/pages/show.blade.php of the component Page Creation Handler. Performing a manipulation of the argument body results in code injection. Remote exploitation of the attack is possible. The exploit has been made public and could be used. The code repository of the project has not been active for many years. This vulnerability only affects products that are no longer supported by the maintainer.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-04-30
Last Modified
2026-04-30
Generated
2026-05-07
AI Q&A
2026-05-01
EPSS Evaluated
2026-05-05
NVD
CVE-2026-7508
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
bootstrap_cms bootstrap_cms 0.9.0_alpha
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-74 The product constructs all or part of a command, data structure, or record using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify how it is parsed or interpreted when it is sent to a downstream component.
CWE-94 The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability exists in Bootstrap CMS version 0.9.0-alpha, specifically in an unknown function within the file resources/views/pages/show.blade.php related to the Page Creation Handler component.

The issue arises when an attacker manipulates the argument 'body', which leads to code injection. This means that malicious code can be inserted and executed remotely.

The vulnerability can be exploited remotely, and the exploit has already been made public. However, it only affects unsupported versions of the product, as the project repository has not been active for many years.


How can this vulnerability impact me? :

Exploitation of this vulnerability allows an attacker to inject and execute arbitrary code remotely on the affected system.

This can lead to unauthorized access, data manipulation, or disruption of service depending on the attacker's intent and the environment in which the vulnerable CMS is deployed.

Since the affected product is no longer supported, there may be no official patches or fixes available, increasing the risk if the vulnerable software is still in use.


Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70
EPSS Chart