CVE-2025-61168

Critical CVSS: 9.8

An issue in the cms_rest.php component of SIGB PMB v8.0.1.14 allows attackers to execute arbitrary code via unserializing an arbitrary file.

Vendor

Product

CWE

Yayın Tarihi

2025-11-25 19:15:50

Güncelleme

2025-12-01 14:21:40

Source Identifier

cve@mitre.org

KEV Date Added

CWE-502 Pmb CRITICAL Sigb 2025

http://pmb.com http://sigb.com https://forge.sigb.net/projects/pmb/wiki/Changelog_801#S%C3%A9curit%C3%A9-2 https://gist.github.com/ZanyMonk/446f6875a2ceb3decef5ff1176428f9e

Critical

CVE-2023-53982

PMB 7.4.6 contains a SQL injection vulnerability in the storage parameter of the ajax.php endpoint that allows remote at…

Medium

CVE-2025-61167

SIGB PMB v8.0.1.14 was discovered to contain multiple SQL injection vulnerabilities in the /opac_css/ajax_selector.php c…

Medium

CVE-2025-48742

The installer in SIGB PMB before and fixed in v.8.0.1.2 allows remote code execution.

Medium

CVE-2025-48743

SIGB PMB before 8.0.1.2 allows SQL injection.

Medium

CVE-2025-48744

In SIGB PMB before 8.0.1.2, attackers can achieve Local File Inclusion and remote code execution.

High

CVE-2025-0472

Information exposure in the PMB platform affecting versions 4.2.13 and earlier. This vulnerability allows an attacker to…