CVE-2025-0471

Critical CVSS: 9.9

Unrestricted file upload vulnerability in the PMB platform, affecting versions 4.0.10 and above. This vulnerability could allow an attacker to upload a file to gain remote access to the machine, being able to access, modify and execute commands freely.

Vendor

Sigb

Product

Pmb

CWE

CWE-434

Yayın Tarihi

2025-01-16 13:15:06

Güncelleme

2025-05-07 16:24:19

Source Identifier

cve-coordination@incibe.es

KEV Date Added

Kategoriler

CWE-434 Pmb CRITICAL Sigb 2025

Referanslar

https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-pmb-platform

Benzer Kayıtlar

Critical

CVE-2023-53982

PMB 7.4.6 contains a SQL injection vulnerability in the storage parameter of the ajax.php endpoint that allows remote at…

Medium

CVE-2025-61167

SIGB PMB v8.0.1.14 was discovered to contain multiple SQL injection vulnerabilities in the /opac_css/ajax_selector.php c…

Critical

CVE-2025-61168

An issue in the cms_rest.php component of SIGB PMB v8.0.1.14 allows attackers to execute arbitrary code via unserializin…

Medium

CVE-2025-48742

The installer in SIGB PMB before and fixed in v.8.0.1.2 allows remote code execution.

Medium

CVE-2025-48743

SIGB PMB before 8.0.1.2 allows SQL injection.

Medium

CVE-2025-48744

In SIGB PMB before 8.0.1.2, attackers can achieve Local File Inclusion and remote code execution.