CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2023-53982

PMB 7.4.6 contains a SQL injection vulnerability in the storage parameter of the ajax.php endpoint that allows remote attackers to manipulate database queries. Attackers can exploit the unsanitized 'id' parameter by injecting conditional sleep statements to extract information or perform time-based blind SQL injection attacks.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.001

EPSS Ranking 19.8%

CVSS Severity

CVSS v3 Score 8.2

References

http://forge.sigb.net/redmine/projects/pmb/files
http://www.sigb.net
https://www.exploit-db.com/exploits/51197
https://www.vulncheck.com/advisories/pmb-sql-injection-vulnerability-via-unsanitized-storage-parameter

Products affected by CVE-2023-53982

Sigb » Pmb » Version: 7.4.6

cpe:2.3:a:sigb:pmb:7.4.6

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2023-53982

Products

Pricing

Contact Us