CVE-2025-0472

High CVSS: 7.5

Information exposure in the PMB platform affecting versions 4.2.13 and earlier. This vulnerability allows an attacker to upload a file to the environment and enumerate the internal files of a machine by looking at the request response.

Vendor

Sigb

Product

Pmb

CWE

CWE-200

Yayın Tarihi

2025-01-16 13:15:07

Güncelleme

2025-05-07 16:24:03

Source Identifier

cve-coordination@incibe.es

KEV Date Added

Kategoriler

CWE-200 Pmb HIGH Sigb 2025

Referanslar

https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-pmb-platform

Benzer Kayıtlar

Critical

CVE-2023-53982

PMB 7.4.6 contains a SQL injection vulnerability in the storage parameter of the ajax.php endpoint that allows remote at…

Medium

CVE-2025-61167

SIGB PMB v8.0.1.14 was discovered to contain multiple SQL injection vulnerabilities in the /opac_css/ajax_selector.php c…

Critical

CVE-2025-61168

An issue in the cms_rest.php component of SIGB PMB v8.0.1.14 allows attackers to execute arbitrary code via unserializin…

Medium

CVE-2025-48742

The installer in SIGB PMB before and fixed in v.8.0.1.2 allows remote code execution.

Medium

CVE-2025-48743

SIGB PMB before 8.0.1.2 allows SQL injection.

Medium

CVE-2025-48744

In SIGB PMB before 8.0.1.2, attackers can achieve Local File Inclusion and remote code execution.