CVE-2014-9457
CVE-2014-9457 affects PMB up to version 4.1.3, with a SQL injection in codes/mono_display.class.php that allows remote authenticated users to execute arbitrary SQL via the id parameter to catalog.php. Public references list an exploit, and the NVD metrics indicate a Medium severity (CVSS v2 base ...