3 matches found
CVE-2023-37177
SQL Injection vulnerability in PMB Services PMB v.7.4.7 and before allows a remote unauthenticated attacker to execute arbitrary code via the query parameter in the /admin/convert/exportz3950.php endpoint...
PMB SQL Injection Vulnerability
PMB is a 100% free document management reference tool from the PMB Services team. A SQL injection vulnerability exists in PMB version v.7.4.7 that originates from allowing an unauthenticated, remote attacker to execute arbitrary code via the query parameter in the /admin/convert/exportz3950.php...
CVE-2023-24737
PMB v7.4.6 was discovered to contain a reflected cross-site scripting XSS vulnerability via the query parameter at /admin/convert/exportz3950.php...