PMB 7.3.10 - Cross-Site Scripting

PMB 7.3.10 contains a reflected cross-site scripting vulnerability via the id parameter in an lvl=authorsee request to index.php. id: CVE-2022-34328 info: name: PMB 7.3.10 - Cross-Site Scripting author: edoardottt severity: medium description: | PMB 7.3.10 contains a reflected cross-site scriptin...

PMB v7.4.6 - Cross-Site Scripting

PMB v7.4.6 allows an attacker to perform a reflected XSS on exportz3950.php via the 'query' parameter. id: CVE-2023-24737 info: name: PMB v7.4.6 - Cross-Site Scripting author: r3Y3r53 severity: medium description: | PMB v7.4.6 allows an attacker to perform a reflected XSS on exportz3950.php via t...

CVE-2020-37105

PMB 5.6 contains a SQL injection vulnerability in the administration download script that allows authenticated attackers to execute arbitrary SQL commands through the 'logid' parameter. Attackers can leverage this vulnerability by sending crafted requests to the /admin/sauvegarde/download.php...

CVE-2020-37105 PMB 5.6 - 'logid' SQL Injection

PMB 5.6 contains a SQL injection vulnerability in the administration download script that allows authenticated attackers to execute arbitrary SQL commands through the 'logid' parameter. Attackers can leverage this vulnerability by sending crafted requests to the /admin/sauvegarde/download.php...

CVE-2020-37105

PMB 5.6 contains a SQL injection vulnerability in the administration download script that allows authenticated attackers to execute arbitrary SQL commands via the logid parameter to /admin/sauvegarde/download.php. Affected component is the download script; root cause is improper handling/validati...

SIGB PMB SQL注入漏洞

SIGB PMB is an open-source integrated library management system developed by SIGB Corporation. Version 5.6 of SIGB PMB contains a SQL injection vulnerability. This vulnerability stems from the logid parameter in the management download script, which allows for SQL injections. As a result,...

CVE-2020-36970

CVE-2020-36970 affects PMB 5.6, with a local file disclosure vulnerability in getgif.php triggered by unsanitized input of the chemin parameter. Attackers can read arbitrary system files (e.g., /etc/passwd) by crafting requests to getgif.php, leading to high impact on confidentiality. The provide...

CVE-2020-36970 PMB 5.6 - 'chemin' Local File Disclosure

PMB 5.6 contains a local file disclosure vulnerability in getgif.php that allows attackers to read arbitrary system files by manipulating the 'chemin' parameter. Attackers can exploit the unsanitized file path input to access sensitive files like /etc/passwd by sending crafted requests to the...

CVE-2020-36970

PMB 5.6 contains a local file disclosure vulnerability in getgif.php that allows attackers to read arbitrary system files by manipulating the 'chemin' parameter. Attackers can exploit the unsanitized file path input to access sensitive files like /etc/passwd by sending crafted requests to the...

SIGB PMB SQL注入漏洞

SIGB PMB is an open source integrated library management system from SIGB. A SQL injection vulnerability exists in SIGB PMB version 7.4.6, which stems from insufficient cleanup of the id parameter in the ajax.php endpoint, which could lead to a SQL injection attack...

CVE-2025-61168

An issue in the cmsrest.php component of SIGB PMB v8.0.1.14 allows attackers to execute arbitrary code via unserializing an arbitrary file...

CVE-2025-61167

SIGB PMB v8.0.1.14 was discovered to contain multiple SQL injection vulnerabilities in the /opaccss/ajaxselector.php component via the id and datas parameters...

CVE-2025-61168

An issue in the cmsrest.php component of SIGB PMB v8.0.1.14 allows attackers to execute arbitrary code via unserializing an arbitrary file...

PT-2025-48069

Name of the Vulnerable Software and Affected Versions SIGB PMB version 8.0.1.14 Description The software contains multiple SQL injection flaws in the /opac css/ajax selector.php component. These flaws are triggered through the id and datas parameters. The component is susceptible to manipulation...

EUVD-2007-1409

Malware in sbrugna...

EUVD-2014-9277

Malware in sbrugna...

EUVD-2025-1696

Malicious code in bioql PyPI...

EUVD-2025-1698

Malicious code in bioql PyPI...

EUVD-2024-23560

Malicious code in bioql PyPI...

EUVD-2025-1697

Malicious code in bioql PyPI...