Unrated severityNVD Advisory· Published Dec 23, 2025· Updated Mar 5, 2026
PMB 7.4.6 SQL Injection Vulnerability via Unsanitized Storage Parameter
CVE-2023-53982
Description
PMB 7.4.6 contains a SQL injection vulnerability in the storage parameter of the ajax.php endpoint that allows remote attackers to manipulate database queries. Attackers can exploit the unsanitized 'id' parameter by injecting conditional sleep statements to extract information or perform time-based blind SQL injection attacks.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- Range: = 7.4.6
- Sigb/PMBv5Range: 7.4.6
Patches
Vulnerability mechanics
References
4- www.exploit-db.com/exploits/51197mitreexploit
- www.vulncheck.com/advisories/pmb-sql-injection-vulnerability-via-unsanitized-storage-parametermitrethird-party-advisory
- forge.sigb.net/redmine/projects/pmb/filesmitreproduct
- www.sigb.netmitreproduct
News mentions
0No linked articles in our index yet.