VYPR

Pmb

by Pmb Services

CVEs (16)

  • CVE-2020-36970 | High | Jan 28, 2026
    risk 0.55 | cvss 8.4 | epss 0.00

    PMB 5.6 contains a local file disclosure vulnerability in getgif.php that allows attackers to read arbitrary system files by manipulating the 'chemin' parameter. Attackers can exploit the unsanitized file path input to access sensitive files like /etc/passwd by sending crafted…

  • CVE-2020-37105 | High | Feb 3, 2026
    risk 0.46 | cvss 7.1 | epss 0.00

    PMB 5.6 contains a SQL injection vulnerability in the administration download script that allows authenticated attackers to execute arbitrary SQL commands through the 'logid' parameter. Attackers can leverage this vulnerability by sending crafted requests to the…

  • CVE-2014-9457 | Jan 2, 2015
    risk 0.03 | cvss not listed | epss 0.01

    SQL injection vulnerability in classes/mono_display.class.php in PMB 4.1.3 and earlier allows remote authenticated users to execute arbitrary SQL commands via the id parameter to catalog.php.

  • CVE-2023-53982 | Dec 23, 2025
    risk 0.00 | cvss not listed | epss 0.01

    PMB 7.4.6 contains a SQL injection vulnerability in the storage parameter of the ajax.php endpoint that allows remote attackers to manipulate database queries. Attackers can exploit the unsanitized 'id' parameter by injecting conditional sleep statements to extract information…

  • CVE-2025-61167 | Nov 25, 2025
    risk 0.00 | cvss not listed | epss 0.00

    SIGB PMB v8.0.1.14 was discovered to contain multiple SQL injection vulnerabilities in the /opac_css/ajax_selector.php component via the id and datas parameters.

  • CVE-2025-61168 | Nov 25, 2025
    risk 0.00 | cvss not listed | epss 0.00

    An issue in the cms_rest.php component of SIGB PMB v8.0.1.14 allows attackers to execute arbitrary code via unserializing an arbitrary file.

  • CVE-2025-48743 | May 27, 2025
    risk 0.00 | cvss not listed | epss 0.00

    SIGB PMB before 8.0.1.2 allows SQL injection.

  • CVE-2025-48742 | May 27, 2025
    risk 0.00 | cvss not listed | epss 0.00

    The installer in SIGB PMB before v.8.0.1.2 allows remote code execution. The issue is fixed in v.8.0.1.2.

  • CVE-2025-0472 | Jan 16, 2025
    risk 0.00 | cvss not listed | epss 0.00

    Information exposure in the PMB platform affecting versions 4.2.13 and earlier. This vulnerability allows an attacker to upload a file to the environment and enumerate the internal files of a machine by looking at the request response.

  • CVE-2024-26289 | May 27, 2024
    risk 0.00 | cvss not listed | epss 0.01

    Deserialization of Untrusted Data vulnerability in PMB Services PMB allows Remote Code Inclusion. This issue affects PMB: from 7.5.1 before 7.5.6-2, from 7.4.1 before 7.4.9, from 7.3.1 before 7.3.18.

  • CVE-2023-37177 | Feb 21, 2024
    risk 0.00 | cvss not listed | epss 0.01

    SQL Injection vulnerability in PMB Services PMB v.7.4.7 and before allows a remote unauthenticated attacker to execute arbitrary code via the query parameter in the /admin/convert/export_z3950.php endpoint.

  • CVE-2023-51828 | Feb 21, 2024
    risk 0.00 | cvss not listed | epss 0.01

    A SQL Injection vulnerability in /admin/convert/export.class.php in PMB 7.4.7 and earlier versions allows remote unauthenticated attackers to execute arbitrary SQL commands via the query parameter in the get_next_notice function.

  • CVE-2023-52153 | Feb 21, 2024
    risk 0.00 | cvss not listed | epss 0.01

    A SQL Injection vulnerability in /pmb/opac_css/includes/sessions.inc.php in PMB 7.4.7 and earlier allows remote unauthenticated attackers to inject arbitrary SQL commands via the PmbOpac-LOGIN cookie value.

  • CVE-2023-38844 | Feb 21, 2024
    risk 0.00 | cvss not listed | epss 0.01

    SQL injection vulnerability in PMB v.7.4.7 and earlier allows a remote attacker to execute arbitrary code via the thesaurus parameter in export_skos.php.

  • CVE-2023-52155 | Feb 21, 2024
    risk 0.00 | cvss not listed | epss 0.01

    A SQL Injection vulnerability in /admin/sauvegarde/run.php in PMB 7.4.7 and earlier allows remote authenticated attackers to execute arbitrary SQL commands via the sauvegardes variable through the /admin/sauvegarde/run.php endpoint.

  • CVE-2023-52154 | Feb 21, 2024
    risk 0.00 | cvss not listed | epss 0.01

    File Upload vulnerability in pmb/camera_upload.php in PMB 7.4.7 and earlier allows attackers to run arbitrary code via upload of crafted PHTML files.
