CVE-2023-53982

Sažetak

PMB 7.4.6 contains a SQL injection vulnerability in the storage parameter of the ajax.php endpoint that allows remote attackers to manipulate database queries. Attackers can exploit the unsanitized 'id' parameter by injecting conditional sleep statements to extract information or perform time-based blind SQL injection attacks.

Reference

http://forge.sigb.net/redmine/projects/pmb/files
http://www.sigb.net
https://www.exploit-db.com/exploits/51197
https://www.vulncheck.com/advisories/pmb-sql-injection-vulnerability-via-unsanitized-storage-parameter

CVSS

Base:	8.2
Impact:	4.2
Exploitability:	3.9

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
HIGH	LOW	NONE

CVSS vektor

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N

Zadnje važnije ažuriranje

23-12-2025 - 20:15

Objavljeno

23-12-2025 - 20:15