VYPR
Unrated severityNVD Advisory· Published Dec 23, 2025· Updated Mar 5, 2026

PMB 7.4.6 SQL Injection Vulnerability via Unsanitized Storage Parameter

CVE-2023-53982

Description

PMB 7.4.6 contains a SQL injection vulnerability in the storage parameter of the ajax.php endpoint that allows remote attackers to manipulate database queries. Attackers can exploit the unsanitized 'id' parameter by injecting conditional sleep statements to extract information or perform time-based blind SQL injection attacks.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2

Patches

Vulnerability mechanics

References

4

News mentions

0

No linked articles in our index yet.