Total
14 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-26289 | 1 Sigb | 1 Pmb | 2025-04-04 | N/A | 9.8 CRITICAL |
| Deserialization of Untrusted Data vulnerability in PMB Services PMB allows Remote Code Inclusion.This issue affects PMB: from 7.5.1 before 7.5.6-2, from 7.4.1 before 7.4.9, from 7.3.1 before 7.3.18. | |||||
| CVE-2023-52155 | 1 Sigb | 1 Pmb | 2025-03-25 | N/A | 7.2 HIGH |
| A SQL Injection vulnerability in /admin/sauvegarde/run.php in PMB 7.4.7 and earlier allows remote authenticated attackers to execute arbitrary SQL commands via the sauvegardes variable through the /admin/sauvegarde/run.php endpoint. | |||||
| CVE-2023-52154 | 1 Sigb | 1 Pmb | 2025-03-25 | N/A | 7.2 HIGH |
| File Upload vulnerability in pmb/camera_upload.php in PMB 7.4.7 and earlier allows attackers to run arbitrary code via upload of crafted PHTML files. | |||||
| CVE-2023-52153 | 1 Sigb | 1 Pmb | 2025-03-25 | N/A | 9.8 CRITICAL |
| A SQL Injection vulnerability in /pmb/opac_css/includes/sessions.inc.php in PMB 7.4.7 and earlier allows remote unauthenticated attackers to inject arbitrary SQL commands via the PmbOpac-LOGIN cookie value. | |||||
| CVE-2023-51828 | 1 Sigb | 1 Pmb | 2025-03-25 | N/A | 9.8 CRITICAL |
| A SQL Injection vulnerability in /admin/convert/export.class.php in PMB 7.4.7 and earlier versions allows remote unauthenticated attackers to execute arbitrary SQL commands via the query parameter in get_next_notice function. | |||||
| CVE-2023-38844 | 1 Sigb | 1 Pmb | 2025-03-25 | N/A | 7.5 HIGH |
| SQL injection vulnerability in PMB v.7.4.7 and earlier allows a remote attacker to execute arbitrary code via the thesaurus parameter in export_skos.php. | |||||
| CVE-2023-37177 | 1 Sigb | 1 Pmb | 2025-03-25 | N/A | 9.8 CRITICAL |
| SQL Injection vulnerability in PMB Services PMB v.7.4.7 and before allows a remote unauthenticated attacker to execute arbitrary code via the query parameter in the /admin/convert/export_z3950.php endpoint. | |||||
| CVE-2023-46474 | 1 Sigb | 1 Pmb | 2024-11-21 | N/A | 7.2 HIGH |
| File Upload vulnerability PMB v.7.4.8 allows a remote attacker to execute arbitrary code and escalate privileges via a crafted PHP file uploaded to the start_import.php file. | |||||
| CVE-2023-24737 | 1 Sigb | 1 Pmb | 2024-11-21 | N/A | 6.1 MEDIUM |
| PMB v7.4.6 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the query parameter at /admin/convert/export_z3950.php. | |||||
| CVE-2023-24736 | 1 Sigb | 1 Pmb | 2024-11-21 | N/A | 9.8 CRITICAL |
| PMB v7.4.6 was discovered to contain a remote code execution (RCE) vulnerability via the component /sauvegarde/restaure_act.php. | |||||
| CVE-2023-24735 | 1 Sigb | 1 Pmb | 2024-11-21 | N/A | 6.1 MEDIUM |
| PMB v7.4.6 was discovered to contain an open redirect vulnerability via the component /opac_css/pmb.php. This vulnerability allows attackers to redirect victim users to an external domain via a crafted URL. | |||||
| CVE-2023-24734 | 1 Sigb | 1 Pmb | 2024-11-21 | N/A | 9.8 CRITICAL |
| An arbitrary file upload vulnerability in the camera_upload.php component of PMB v7.4.6 allows attackers to execute arbitrary code via a crafted image file. | |||||
| CVE-2023-24733 | 1 Sigb | 1 Pmb | 2024-11-21 | N/A | 6.1 MEDIUM |
| PMB v7.4.6 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the query parameter at /admin/convert/export_z3950_new.php. | |||||
| CVE-2022-34328 | 1 Sigb | 1 Pmb | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| PMB 7.3.10 allows reflected XSS via the id parameter in an lvl=author_see request to index.php. | |||||