CVE-2025-61167

Medium CVSS: 6.5

SIGB PMB v8.0.1.14 was discovered to contain multiple SQL injection vulnerabilities in the /opac_css/ajax_selector.php component via the id and datas parameters.

Vendor

Sigb

Product

Pmb

CWE

CWE-89

Yayın Tarihi

2025-11-25 19:15:50

Güncelleme

2025-12-01 14:20:07

Source Identifier

cve@mitre.org

KEV Date Added

Kategoriler

CWE-89 Pmb MEDIUM Sigb 2025

Referanslar

http://pmb.com http://sigb.com https://forge.sigb.net/projects/pmb/wiki/Changelog_801#S%C3%A9curit%C3%A9-2 https://gist.github.com/ZanyMonk/ed12e265f777152c33aeb806a644850e

Benzer Kayıtlar

Critical

CVE-2023-53982

PMB 7.4.6 contains a SQL injection vulnerability in the storage parameter of the ajax.php endpoint that allows remote at…

Critical

CVE-2025-61168

An issue in the cms_rest.php component of SIGB PMB v8.0.1.14 allows attackers to execute arbitrary code via unserializin…

Medium

CVE-2025-48742

The installer in SIGB PMB before and fixed in v.8.0.1.2 allows remote code execution.

Medium

CVE-2025-48743

SIGB PMB before 8.0.1.2 allows SQL injection.

Medium

CVE-2025-48744

In SIGB PMB before 8.0.1.2, attackers can achieve Local File Inclusion and remote code execution.

High

CVE-2025-0472

Information exposure in the PMB platform affecting versions 4.2.13 and earlier. This vulnerability allows an attacker to…