Unrated severityNVD Advisory· Published Dec 23, 2025· Updated Mar 5, 2026

PMB 7.4.6 SQL Injection Vulnerability via Unsanitized Storage Parameter

CVE-2023-53982

Description

PMB 7.4.6 contains a SQL injection vulnerability in the storage parameter of the ajax.php endpoint that allows remote attackers to manipulate database queries. Attackers can exploit the unsanitized 'id' parameter by injecting conditional sleep statements to extract information or perform time-based blind SQL injection attacks.

Affected products

Pmb Services/Pmbllm-fuzzy
Range: = 7.4.6
Sigb/PMBv5
Range: 7.4.6

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.exploit-db.com/exploits/51197mitreexploit
www.vulncheck.com/advisories/pmb-sql-injection-vulnerability-via-unsanitized-storage-parametermitrethird-party-advisory
forge.sigb.net/redmine/projects/pmb/filesmitreproduct
www.sigb.netmitreproduct

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000