SQL injection vulnerability in PMB v.7.4.7 and earlier allows a remote attacker to execute arbitrary code via the thesaurus parameter in export_skos.php.
CVSS Score
7.5
EPSS Score
0.001
Published
2024-02-21
File Upload vulnerability PMB v.7.4.8 allows a remote attacker to execute arbitrary code and escalate privileges via a crafted PHP file uploaded to the start_import.php file.
CVSS Score
7.2
EPSS Score
0.741
Published
2024-01-11
PMB 7.3.10 allows reflected XSS via the id parameter in an lvl=author_see request to index.php.
CVSS Score
6.1
EPSS Score
0.127
Published
2022-06-23
Page 2