CVE-2023-53982

Critical CVSS: 9.3

PMB 7.4.6 contains a SQL injection vulnerability in the storage parameter of the ajax.php endpoint that allows remote attackers to manipulate database queries. Attackers can exploit the unsanitized 'id' parameter by injecting conditional sleep statements to extract information or perform time-based blind SQL injection attacks.

Vendor

Sigb

Product

Pmb

CWE

CWE-89

Yayın Tarihi

2025-12-23 20:15:46

Güncelleme

2026-01-16 19:16:14

Source Identifier

disclosure@vulncheck.com

KEV Date Added

Kategoriler

CWE-89 Pmb CRITICAL Sigb 2025

Referanslar

http://forge.sigb.net/redmine/projects/pmb/files http://www.sigb.net https://www.exploit-db.com/exploits/51197 https://www.vulncheck.com/advisories/pmb-sql-injection-vulnerability-via-unsanitized-storage-parameter

Benzer Kayıtlar

Medium

CVE-2025-61167

SIGB PMB v8.0.1.14 was discovered to contain multiple SQL injection vulnerabilities in the /opac_css/ajax_selector.php c…

Critical

CVE-2025-61168

An issue in the cms_rest.php component of SIGB PMB v8.0.1.14 allows attackers to execute arbitrary code via unserializin…

Medium

CVE-2025-48742

The installer in SIGB PMB before and fixed in v.8.0.1.2 allows remote code execution.

Medium

CVE-2025-48743

SIGB PMB before 8.0.1.2 allows SQL injection.

Medium

CVE-2025-48744

In SIGB PMB before 8.0.1.2, attackers can achieve Local File Inclusion and remote code execution.

High

CVE-2025-0472

Information exposure in the PMB platform affecting versions 4.2.13 and earlier. This vulnerability allows an attacker to…