exploitDog

CVE-2023-53982

Опубликовано: 23 дек. 2025

Источник: nvd

CVSS3: 7.5

EPSS Низкий

Описание

PMB 7.4.6 contains a SQL injection vulnerability in the storage parameter of the ajax.php endpoint that allows remote attackers to manipulate database queries. Attackers can exploit the unsanitized 'id' parameter by injecting conditional sleep statements to extract information or perform time-based blind SQL injection attacks.

Ссылки

http://forge.sigb.net/redmine/projects/pmb/files
Product
http://www.sigb.net
Product
https://www.exploit-db.com/exploits/51197
Exploit
Third Party Advisory
https://www.vulncheck.com/advisories/pmb-sql-injection-vulnerability-via-unsanitized-storage-parameter
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:sigb:pmb:7.4.6:*:*:*:*:*:*:*

EPSS

Процентиль: 15%

0.00047

Низкий

7.5 High

CVSS3

Дефекты

CWE-89

Связанные уязвимости

GHSA-pxx7-72gh-6rgr

CVSS3: 8.2

github

около 2 месяцев назад

PMB 7.4.6 contains a SQL injection vulnerability in the storage parameter of the ajax.php endpoint that allows remote attackers to manipulate database queries. Attackers can exploit the unsanitized 'id' parameter by injecting conditional sleep statements to extract information or perform time-based blind SQL injection attacks.

EPSS

Процентиль: 15%

0.00047

Низкий

7.5 High

CVSS3

Дефекты

CWE-89