← back
CVE-2023-53982

PMB 7.4.6 SQL Injection Vulnerability via Unsanitized Storage Parameter

CVSS 9.3 CRITICALEPSS 0.6%CWE-89
PMB 7.4.6 contains a SQL injection vulnerability in the storage parameter of the ajax.php endpoint that allows remote attackers to manipulate database queries. Attackers can exploit the unsanitized 'id' parameter by injecting conditional sleep statements to extract information or perform time-based blind SQL injection attacks.
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N
Affected products
Sigb · PMB

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
http://forge.sigb.net/redmine/projects/pmb/fileshttps://www.exploit-db.com/exploits/51197https://www.vulncheck.com/advisories/pmb-sql-injection-vulnerability-via-unsanitized-storage-parameterhttp://www.sigb.net