11 matches found
CVE-2020-37105
PMB 5.6 contains a SQL injection vulnerability in the administration download script that allows authenticated attackers to execute arbitrary SQL commands through the 'logid' parameter. Attackers can leverage this vulnerability by sending crafted requests to the /admin/sauvegarde/download.php...
CVE-2023-52155
A SQL Injection vulnerability in /admin/sauvegarde/run.php in PMB 7.4.7 and earlier allows remote authenticated attackers to execute arbitrary SQL commands via the sauvegardes variable through the /admin/sauvegarde/run.php endpoint...
CVE-2023-52155
A SQL Injection vulnerability in /admin/sauvegarde/run.php in PMB 7.4.7 and earlier allows remote authenticated attackers to execute arbitrary SQL commands via the sauvegardes variable through the /admin/sauvegarde/run.php endpoint...
sauvegarde-retraites.org Cross Site Scripting vulnerability OBB-3270024
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
CVE-2023-24736
PMB v7.4.6 was discovered to contain a remote code execution RCE vulnerability via the component /sauvegarde/restaureact.php...
CVE-2023-24736
PMB v7.4.6 was discovered to contain a remote code execution RCE vulnerability via the component /sauvegarde/restaureact.php...
CVE-2023-24736
PMB v7.4.6 was discovered to contain a remote code execution RCE vulnerability via the component /sauvegarde/restaureact.php...
Remote code execution
PMB v7.4.6 was discovered to contain a remote code execution RCE vulnerability via the component /sauvegarde/restaureact.php...
CVE-2023-24736
PMB v7.4.6 was discovered to contain a remote code execution RCE vulnerability via the component /sauvegarde/restaureact.php...
CVE-2023-24736
PMB v7.4.6 contains a remote code execution (RCE) vulnerability in the component /sauvegarde/restaure_act.php. The issue is exposed over a network vector with no user interaction required and privileges. Documented impact indicates high/critical potential (C:H/I:H/A:H), but exploitation status is...
PMB 5.6 - 'logid' SQL Injection
Exploit Title: PMB 5.6 - 'logid' SQL Injection Google Dork: inurl:opaccss Date: 2020-04-20 Exploit Author: 41-trk Tarik Bakir Vendor Homepage: http://www.sigb.net Software Link: http://forge.sigb.net/redmine/projects/pmb/files Affected versions : = 5.6 -==== Software Description ====- PMB is a...