Sigb Pmb
23 CVEs affecting Sigb Pmb. Latest disclosed: 2025-12-23. Critical: 8, High: 6.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2025-0471 | Critical | 9.9 | 2025-01-16 | Unrestricted file upload vulnerability in the PMB platform, affecting versions 4.0.10 and above. This vulnerability could allow an attacker to upload a file to… |
| CVE-2025-61168 | Critical | 9.8 | 2025-11-25 | An issue in the cms_rest.php component of SIGB PMB v8.0.1.14 allows attackers to execute arbitrary code via unserializing an arbitrary file. |
| CVE-2024-26289 | Critical | 9.8 | 2024-05-27 | Deserialization of Untrusted Data vulnerability in PMB Services PMB allows Remote Code Inclusion. This issue affects PMB: from 7.5.1 before 7.5.6-2, from 7.4.1… |
| CVE-2023-52153 | Critical | 9.8 | 2024-02-21 | A SQL Injection vulnerability in /pmb/opac_css/includes/sessions.inc.php in PMB 7.4.7 and earlier allows remote unauthenticated attackers to inject arbitrary S… |
| CVE-2023-51828 | Critical | 9.8 | 2024-02-21 | A SQL Injection vulnerability in /admin/convert/export.class.php in PMB 7.4.7 and earlier versions allows remote unauthenticated attackers to execute arbitrary… |
| CVE-2023-37177 | Critical | 9.8 | 2024-02-21 | SQL Injection vulnerability in PMB Services PMB v.7.4.7 and before allows a remote unauthenticated attacker to execute arbitrary code via the query parameter i… |
| CVE-2023-24736 | Critical | 9.8 | 2023-03-06 | PMB v7.4.6 was discovered to contain a remote code execution (RCE) vulnerability via the component /sauvegarde/restaure_act.php. |
| CVE-2023-24734 | Critical | 9.8 | 2023-03-06 | An arbitrary file upload vulnerability in the camera_upload.php component of PMB v7.4.6 allows attackers to execute arbitrary code via a crafted image file. |
| CVE-2023-53982 | High | 7.5 | 2025-12-23 | PMB 7.4.6 contains a SQL injection vulnerability in the storage parameter of the ajax.php endpoint that allows remote attackers to manipulate database queries… |
| CVE-2025-0472 | High | 7.5 | 2025-01-16 | Information exposure in the PMB platform affecting versions 4.2.13 and earlier. This vulnerability allows an attacker to upload a file to the environment and e… |
| CVE-2023-38844 | High | 7.5 | 2024-02-21 | SQL injection vulnerability in PMB v.7.4.7 and earlier allows a remote attacker to execute arbitrary code via the thesaurus parameter in export_skos.php. |
| CVE-2023-52155 | High | 7.2 | 2024-02-21 | A SQL Injection vulnerability in /admin/sauvegarde/run.php in PMB 7.4.7 and earlier allows remote authenticated attackers to execute arbitrary SQL commands via… |
| CVE-2023-52154 | High | 7.2 | 2024-02-21 | File Upload vulnerability in pmb/camera_upload.php in PMB 7.4.7 and earlier allows attackers to run arbitrary code via upload of crafted PHTML files. |
| CVE-2023-46474 | High | 7.2 | 2024-01-11 | File Upload vulnerability PMB v.7.4.8 allows a remote attacker to execute arbitrary code and escalate privileges via a crafted PHP file uploaded to the start_i… |
| CVE-2025-61167 | Medium | 6.5 | 2025-11-25 | SIGB PMB v8.0.1.14 was discovered to contain multiple SQL injection vulnerabilities in the /opac_css/ajax_selector.php component via the id and datas parameter… |
| CVE-2025-0473 | Medium | 6.5 | 2025-01-16 | Vulnerability in the PMB platform that allows an attacker to persist temporary files on the server, affecting versions 4.0.10 and above. This vulnerability exi… |
| CVE-2025-48744 | Medium | 6.4 | 2025-05-27 | In SIGB PMB before 8.0.1.2, attackers can achieve Local File Inclusion and remote code execution. |
| CVE-2023-24737 | Medium | 6.1 | 2023-03-06 | PMB v7.4.6 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the query parameter at /admin/convert/export_z3950.php. |
| CVE-2023-24735 | Medium | 6.1 | 2023-03-06 | PMB v7.4.6 was discovered to contain an open redirect vulnerability via the component /opac_css/pmb.php. This vulnerability allows attackers to redirect victim… |
| CVE-2023-24733 | Medium | 6.1 | 2023-03-06 | PMB v7.4.6 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the query parameter at /admin/convert/export_z3950_new.php. |