Every CVE whose affected-product data names Sigb Pmb, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (23)
CVE-2025-0471 — CVSS 9.9 (critical): Unrestricted file upload vulnerability in the PMB platform, affecting versions 4.0.10 and above. This vulnerability could allow an attacker…
CVE-2023-24734 — CVSS 9.8 (critical): An arbitrary file upload vulnerability in the camera_upload.php component of PMB v7.4.6 allows attackers to execute arbitrary code via a…
CVE-2023-52153 — CVSS 9.8 (critical): A SQL Injection vulnerability in /pmb/opac_css/includes/sessions.inc.php in PMB 7.4.7 and earlier allows remote unauthenticated attackers…
CVE-2025-61168 — CVSS 9.8 (critical): An issue in the cms_rest.php component of SIGB PMB v8.0.1.14 allows attackers to execute arbitrary code via unserializing an arbitrary file.
CVE-2023-51828 — CVSS 9.8 (critical): A SQL Injection vulnerability in /admin/convert/export.class.php in PMB 7.4.7 and earlier versions allows remote unauthenticated attackers…
CVE-2024-26289 — CVSS 9.8 (critical): Deserialization of Untrusted Data vulnerability in PMB Services PMB allows Remote Code Inclusion.This issue affects PMB: from 7.5.1 before…
CVE-2023-24736 — CVSS 9.8 (critical): PMB v7.4.6 was discovered to contain a remote code execution (RCE) vulnerability via the component /sauvegarde/restaure_act.php.
CVE-2023-37177 — CVSS 9.8 (critical): SQL Injection vulnerability in PMB Services PMB v.7.4.7 and before allows a remote unauthenticated attacker to execute arbitrary code via…
CVE-2025-0472 — CVSS 7.5 (high): Information exposure in the PMB platform affecting versions 4.2.13 and earlier. This vulnerability allows an attacker to upload a file to…
CVE-2023-38844 — CVSS 7.5 (high): SQL injection vulnerability in PMB v.7.4.7 and earlier allows a remote attacker to execute arbitrary code via the thesaurus parameter in…
CVE-2023-53982 — CVSS 7.5 (high): PMB 7.4.6 contains a SQL injection vulnerability in the storage parameter of the ajax.php endpoint that allows remote attackers to…
CVE-2023-52154 — CVSS 7.2 (high): File Upload vulnerability in pmb/camera_upload.php in PMB 7.4.7 and earlier allows attackers to run arbitrary code via upload of crafted…
CVE-2023-46474 — CVSS 7.2 (high): File Upload vulnerability PMB v.7.4.8 allows a remote attacker to execute arbitrary code and escalate privileges via a crafted PHP file…
CVE-2023-52155 — CVSS 7.2 (high): A SQL Injection vulnerability in /admin/sauvegarde/run.php in PMB 7.4.7 and earlier allows remote authenticated attackers to execute…
CVE-2025-0473 — CVSS 6.5 (medium): Vulnerability in the PMB platform that allows an attacker to persist temporary files on the server, affecting versions 4.0.10 and above…
CVE-2025-61167 — CVSS 6.5 (medium): SIGB PMB v8.0.1.14 was discovered to contain multiple SQL injection vulnerabilities in the /opac_css/ajax_selector.php component via the id…
CVE-2023-24737 — CVSS 6.1 (medium): PMB v7.4.6 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the query parameter at /admin/convert/export_z…
CVE-2023-24735 — CVSS 6.1 (medium): PMB v7.4.6 was discovered to contain an open redirect vulnerability via the component /opac_css/pmb.php. This vulnerability allows…
CVE-2023-24733 — CVSS 6.1 (medium): PMB v7.4.6 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the query parameter at /admin/convert/export_z…