CVE-2025-48744

Medium CVSS: 6.4

In SIGB PMB before 8.0.1.2, attackers can achieve Local File Inclusion and remote code execution.

Vendor

Product

CWE

Yayın Tarihi

2025-05-27 03:15:23

Güncelleme

2025-06-09 18:50:58

Source Identifier

cve@mitre.org

KEV Date Added

CWE-22 Pmb MEDIUM Sigb 2025

https://forge.sigb.net/projects/pmb/wiki/Changelog_801#CHANGE-LOG-8012-2025-03-03 https://www.sigb.net/index.php?lvl=cmspage&pageid=6&id_rubrique=553&opac_view=1

Critical

CVE-2023-53982

PMB 7.4.6 contains a SQL injection vulnerability in the storage parameter of the ajax.php endpoint that allows remote at…

Medium

CVE-2025-61167

SIGB PMB v8.0.1.14 was discovered to contain multiple SQL injection vulnerabilities in the /opac_css/ajax_selector.php c…

Critical

CVE-2025-61168

An issue in the cms_rest.php component of SIGB PMB v8.0.1.14 allows attackers to execute arbitrary code via unserializin…

Medium

CVE-2025-48742

The installer in SIGB PMB before and fixed in v.8.0.1.2 allows remote code execution.

Medium

CVE-2025-48743

SIGB PMB before 8.0.1.2 allows SQL injection.

High

CVE-2025-0472

Information exposure in the PMB platform affecting versions 4.2.13 and earlier. This vulnerability allows an attacker to…