Sigb Pmb

23 CVEs affecting Sigb Pmb. Latest disclosed: 2025-12-23. Critical: 8, High: 6.

Top CVEs affecting Sigb Pmb
| CVE | Severity | Score | Published | Summary |
| --- | --- | --- | --- | --- |
| CVE-2025-0471 | Critical | 9.9 | 2025-01-16 | Unrestricted file upload vulnerability in the PMB platform, affecting versions 4.0.10 and above. This vulnerability could allow an attacker to upload a file to… |
| CVE-2025-61168 | Critical | 9.8 | 2025-11-25 | An issue in the cms_rest.php component of SIGB PMB v8.0.1.14 allows attackers to execute arbitrary code via unserializing an arbitrary file. |
| CVE-2024-26289 | Critical | 9.8 | 2024-05-27 | Deserialization of Untrusted Data vulnerability in PMB Services PMB allows Remote Code Inclusion. This issue affects PMB: from 7.5.1 before 7.5.6-2, from 7.4.1… |
| CVE-2023-52153 | Critical | 9.8 | 2024-02-21 | A SQL Injection vulnerability in /pmb/opac_css/includes/sessions.inc.php in PMB 7.4.7 and earlier allows remote unauthenticated attackers to inject arbitrary S… |
| CVE-2023-51828 | Critical | 9.8 | 2024-02-21 | A SQL Injection vulnerability in /admin/convert/export.class.php in PMB 7.4.7 and earlier versions allows remote unauthenticated attackers to execute arbitrary… |
| CVE-2023-37177 | Critical | 9.8 | 2024-02-21 | SQL Injection vulnerability in PMB Services PMB v.7.4.7 and before allows a remote unauthenticated attacker to execute arbitrary code via the query parameter i… |
| CVE-2023-24736 | Critical | 9.8 | 2023-03-06 | PMB v7.4.6 was discovered to contain a remote code execution (RCE) vulnerability via the component /sauvegarde/restaure_act.php. |
| CVE-2023-24734 | Critical | 9.8 | 2023-03-06 | An arbitrary file upload vulnerability in the camera_upload.php component of PMB v7.4.6 allows attackers to execute arbitrary code via a crafted image file. |
| CVE-2023-53982 | High | 7.5 | 2025-12-23 | PMB 7.4.6 contains a SQL injection vulnerability in the storage parameter of the ajax.php endpoint that allows remote attackers to manipulate database queries… |
| CVE-2025-0472 | High | 7.5 | 2025-01-16 | Information exposure in the PMB platform affecting versions 4.2.13 and earlier. This vulnerability allows an attacker to upload a file to the environment and e… |
| CVE-2023-38844 | High | 7.5 | 2024-02-21 | SQL injection vulnerability in PMB v.7.4.7 and earlier allows a remote attacker to execute arbitrary code via the thesaurus parameter in export_skos.php. |
| CVE-2023-52155 | High | 7.2 | 2024-02-21 | A SQL Injection vulnerability in /admin/sauvegarde/run.php in PMB 7.4.7 and earlier allows remote authenticated attackers to execute arbitrary SQL commands via… |
| CVE-2023-52154 | High | 7.2 | 2024-02-21 | File Upload vulnerability in pmb/camera_upload.php in PMB 7.4.7 and earlier allows attackers to run arbitrary code via upload of crafted PHTML files. |
| CVE-2023-46474 | High | 7.2 | 2024-01-11 | File Upload vulnerability PMB v.7.4.8 allows a remote attacker to execute arbitrary code and escalate privileges via a crafted PHP file uploaded to the start_i… |
| CVE-2025-61167 | Medium | 6.5 | 2025-11-25 | SIGB PMB v8.0.1.14 was discovered to contain multiple SQL injection vulnerabilities in the /opac_css/ajax_selector.php component via the id and datas parameter… |
| CVE-2025-0473 | Medium | 6.5 | 2025-01-16 | Vulnerability in the PMB platform that allows an attacker to persist temporary files on the server, affecting versions 4.0.10 and above. This vulnerability exi… |
| CVE-2025-48744 | Medium | 6.4 | 2025-05-27 | In SIGB PMB before 8.0.1.2, attackers can achieve Local File Inclusion and remote code execution. |
| CVE-2023-24737 | Medium | 6.1 | 2023-03-06 | PMB v7.4.6 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the query parameter at /admin/convert/export_z3950.php. |
| CVE-2023-24735 | Medium | 6.1 | 2023-03-06 | PMB v7.4.6 was discovered to contain an open redirect vulnerability via the component /opac_css/pmb.php. This vulnerability allows attackers to redirect victim… |
| CVE-2023-24733 | Medium | 6.1 | 2023-03-06 | PMB v7.4.6 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the query parameter at /admin/convert/export_z3950_new.php. |