CVE-2026-7508— Bootstrap CMS Page Creation show.blade.php code injection
Possible ATT&CK Techniques 1AI
T1190 · Exploit Public-Facing ApplicationGet alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2026-7508
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Bootstrap CMS Page Creation show.blade.php code injection
Source: NVD (National Vulnerability Database)
Vulnerability Description
A vulnerability was found in Bootstrap CMS 0.9.0-alpha. Affected is an unknown function of the file resources/views/pages/show.blade.php of the component Page Creation Handler. Performing a manipulation of the argument body results in code injection. Remote exploitation of the attack is possible. The exploit has been made public and could be used. The code repository of the project has not been active for many years. This vulnerability only affects products that are no longer supported by the maintainer.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
Source: NVD (National Vulnerability Database)
Vulnerability Type
对生成代码的控制不恰当(代码注入)
Source: NVD (National Vulnerability Database)
Vulnerability Title
Bootstrap CMS 注入漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Bootstrap CMS是Bootstrap CMS开源的一个基于PHP的内容管理系统。 Bootstrap CMS 0.9.0-alpha版本存在注入漏洞,该漏洞源于Page Creation Handler组件文件resources/views/pages/show.blade.php中未知功能对参数body的操作,可能导致代码注入。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
II. Public POCs for CVE-2026-7508
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2026-7508
请登录查看更多情报信息。
Other · 1
- CVE-2026-7508 | Bootstrap CMS 0.9.0-alpha Page Creation show.blade.php body code injectionvdb-entrytechnical-description
- https://nvd.nist.gov/vuln/detail/CVE-2026-7508
IV. Related Vulnerabilities
Same product: CMS
- CVE-2026-44306
Statamic: Email enumeration via forgot password endpoint - CVE-2026-44011
Craft CMS: Potential authenticated Remote Code Execution via - CVE-2026-44012
Craft CMS: Missing Volume Permission Check in AssetsControll - CVE-2026-44010
Craft CMS: Missing Authorization in GraphQL Address Resolver - CVE-2026-7317
Grav CMS Cache Value FileCache.php doGet deserialization
Same weakness: CWE-94
- CVE-2026-8838
Remote Code Execution via eval() Injection in amazon-redshif - CVE-2026-45829
ChromaDB <=1.0.0 代码注入漏洞 - CVE-2026-6902
Code Injection in Perforce P4 (Helix Core) - CVE-2018-25320
ACL Analytics 11.x - 13.0.0.579 Arbitrary Code Execution - CVE-2021-47952
python jsonpickle 2.0.0 Remote Code Execution via py/repr
V. Comments for CVE-2026-7508
No comments yet