Shodan
Vulnerabilities
Vulnerable Software
Sigb:  >> Pmb  >> 3.5.1  Security Vulnerabilities
CVE-2025-48742
The installer in SIGB PMB before and fixed in v.8.0.1.2 allows remote code execution.
CVSS Score
5.4
EPSS Score
0.001
Published
2025-05-27
CVE-2025-48743
SIGB PMB before 8.0.1.2 allows SQL injection.
CVSS Score
5.3
EPSS Score
0.0
Published
2025-05-27
CVE-2025-48744
In SIGB PMB before 8.0.1.2, attackers can achieve Local File Inclusion and remote code execution.
CVSS Score
6.4
EPSS Score
0.001
Published
2025-05-27
CVE-2025-0472
Information exposure in the PMB platform affecting versions 4.2.13 and earlier. This vulnerability allows an attacker to upload a file to the environment and enumerate the internal files of a machine by looking at the request response.
CVSS Score
7.5
EPSS Score
0.002
Published
2025-01-16
CVE-2023-52153
A SQL Injection vulnerability in /pmb/opac_css/includes/sessions.inc.php in PMB 7.4.7 and earlier allows remote unauthenticated attackers to inject arbitrary SQL commands via the PmbOpac-LOGIN cookie value.
CVSS Score
9.8
EPSS Score
0.004
Published
2024-02-21
CVE-2023-52154
File Upload vulnerability in pmb/camera_upload.php in PMB 7.4.7 and earlier allows attackers to run arbitrary code via upload of crafted PHTML files.
CVSS Score
7.2
EPSS Score
0.001
Published
2024-02-21
CVE-2023-52155
A SQL Injection vulnerability in /admin/sauvegarde/run.php in PMB 7.4.7 and earlier allows remote authenticated attackers to execute arbitrary SQL commands via the sauvegardes variable through the /admin/sauvegarde/run.php endpoint.
CVSS Score
7.2
EPSS Score
0.003
Published
2024-02-21
CVE-2023-51828
A SQL Injection vulnerability in /admin/convert/export.class.php in PMB 7.4.7 and earlier versions allows remote unauthenticated attackers to execute arbitrary SQL commands via the query parameter in get_next_notice function.
CVSS Score
9.8
EPSS Score
0.004
Published
2024-02-21
CVE-2023-37177
SQL Injection vulnerability in PMB Services PMB v.7.4.7 and before allows a remote unauthenticated attacker to execute arbitrary code via the query parameter in the /admin/convert/export_z3950.php endpoint.
CVSS Score
9.8
EPSS Score
0.013
Published
2024-02-21
CVE-2023-38844
SQL injection vulnerability in PMB v.7.4.7 and earlier allows a remote attacker to execute arbitrary code via the thesaurus parameter in export_skos.php.
CVSS Score
7.5
EPSS Score
0.002
Published
2024-02-21


Products
Pricing
Contact Us

Shodan ® - All rights reserved