CVE-2025-0473

Medium CVSS: 6.5

Vulnerability in the PMB platform that allows an attacker to persist temporary files on the server, affecting versions 4.0.10 and above. This vulnerability exists in the file upload functionality on the ‘/pmb/authorities/import/iimport_authorities’ endpoint. When a file is uploaded via this resource, the server will create a temporary file that will be deleted after the client sends a POST request to ‘/pmb/authorities/import/iimport_authorities’. This workflow is automated by the web client, however an attacker can trap and launch the second POST request to prevent the temporary file from being deleted.

Vendor

Sigb

Product

Pmb

CWE

CWE-459

Yayın Tarihi

2025-01-16 13:15:07

Güncelleme

2025-05-07 16:23:45

Source Identifier

cve-coordination@incibe.es

KEV Date Added

Kategoriler

CWE-459 Pmb MEDIUM Sigb 2025

Referanslar

https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-pmb-platform

Benzer Kayıtlar

Critical

CVE-2023-53982

PMB 7.4.6 contains a SQL injection vulnerability in the storage parameter of the ajax.php endpoint that allows remote at…

Medium

CVE-2025-61167

SIGB PMB v8.0.1.14 was discovered to contain multiple SQL injection vulnerabilities in the /opac_css/ajax_selector.php c…

Critical

CVE-2025-61168

An issue in the cms_rest.php component of SIGB PMB v8.0.1.14 allows attackers to execute arbitrary code via unserializin…

Medium

CVE-2025-48742

The installer in SIGB PMB before and fixed in v.8.0.1.2 allows remote code execution.

Medium

CVE-2025-48743

SIGB PMB before 8.0.1.2 allows SQL injection.

Medium

CVE-2025-48744

In SIGB PMB before 8.0.1.2, attackers can achieve Local File Inclusion and remote code execution.