Product
sigb pmb
24 known vulnerabilities across versions
Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.
CVE-2023-53982
CVE-2025-61168
CVE-2025-61167
CVE-2025-48742
CVE-2025-48744
CVE-2025-48743
CVE-2025-0473
CVE-2025-0472
CVE-2025-0471
CVE-2024-26289
CVE-2023-52155
CVE-2023-52154
CVE-2023-52153
CVE-2023-51828
CVE-2023-38844
CVE-2023-37177
CVE-2023-46474
CVE-2023-24737
CVE-2023-24736
CVE-2023-24735
CVE-2023-24734
CVE-2023-24733
CVE-2022-34328
CVE-2014-9457
all versions
PMB 7.4.6 contains a SQL injection vulnerability in the storage parameter of the ajax.php endpoint that allows remote attackers to
all versions
An issue in the cms_rest.php component of SIGB PMB v8.0.1.14 allows attackers to execute arbitrary code via unserializing an arbit
all versions
SIGB PMB v8.0.1.14 was discovered to contain multiple SQL injection vulnerabilities in the /opac_css/ajax_selector.php component v
< 8.0.1.2
The installer in SIGB PMB before and fixed in v.8.0.1.2 allows remote code execution.
< 8.0.1.2
In SIGB PMB before 8.0.1.2, attackers can achieve Local File Inclusion and remote code execution.
< 8.0.1.2
SIGB PMB before 8.0.1.2 allows SQL injection.
>= 4.0.10
Vulnerability in the PMB platform that allows an attacker to persist temporary files on the server, affecting versions 4.0.10 and
<= 4.2.13
Information exposure in the PMB platform affecting versions 4.2.13 and earlier. This vulnerability allows an attacker to upload a
>= 4.0.10
Unrestricted file upload vulnerability in the PMB platform, affecting versions 4.0.10 and above. This vulnerability could allow an
>= 7.3.1 and < 7.3.18
Deserialization of Untrusted Data vulnerability in PMB Services PMB allows Remote Code Inclusion.This issue affects PMB: from 7.5.
<= 7.4.7
A SQL Injection vulnerability in /admin/sauvegarde/run.php in PMB 7.4.7 and earlier allows remote authenticated attackers to execu
<= 7.4.7
File Upload vulnerability in pmb/camera_upload.php in PMB 7.4.7 and earlier allows attackers to run arbitrary code via upload of c
<= 7.4.7
A SQL Injection vulnerability in /pmb/opac_css/includes/sessions.inc.php in PMB 7.4.7 and earlier allows remote unauthenticated at
<= 7.4.7
A SQL Injection vulnerability in /admin/convert/export.class.php in PMB 7.4.7 and earlier versions allows remote unauthenticated a
<= 7.4.7
SQL injection vulnerability in PMB v.7.4.7 and earlier allows a remote attacker to execute arbitrary code via the thesaurus parame
<= 7.4.7
SQL Injection vulnerability in PMB Services PMB v.7.4.7 and before allows a remote unauthenticated attacker to execute arbitrary c
<= 7.5.3
File Upload vulnerability PMB v.7.4.8 allows a remote attacker to execute arbitrary code and escalate privileges via a crafted PHP
all versions
PMB v7.4.6 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the query parameter at /admin/conver
all versions
PMB v7.4.6 was discovered to contain a remote code execution (RCE) vulnerability via the component /sauvegarde/restaure_act.php.
all versions
PMB v7.4.6 was discovered to contain an open redirect vulnerability via the component /opac_css/pmb.php. This vulnerability allows
all versions
An arbitrary file upload vulnerability in the camera_upload.php component of PMB v7.4.6 allows attackers to execute arbitrary code
all versions
PMB v7.4.6 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the query parameter at /admin/conver
all versions
PMB 7.3.10 allows reflected XSS via the id parameter in an lvl=author_see request to index.php.
<= 4.1.3
SQL injection vulnerability in classes/mono_display.class.php in PMB 4.1.3 and earlier allows remote authenticated users to execut