
6 matches found

NVD
added 2025/12/23 8:15 p.m. | 1 views

CVE-2023-53982

PMB 7.4.6 contains a SQL injection vulnerability in the storage parameter of the ajax.php endpoint that allows remote attackers to manipulate database queries. Attackers can exploit the unsanitized 'id' parameter by injecting conditional sleep statements to extract information or perform time-bas...

CVSS 9.3 | EPSS 0.00021
Exploits: 1 | References: 4
OSV
added 2025/12/23 8:15 p.m. | 1 views

CVE-2023-53982

PMB 7.4.6 contains a SQL injection vulnerability in the storage parameter of the ajax.php endpoint that allows remote attackers to manipulate database queries. Attackers can exploit the unsanitized 'id' parameter by injecting conditional sleep statements to extract information or perform time-bas...

CVSS 7.5 | AI score 5.9 | EPSS 0.00021
Exploits: 1 | References: 4
Vulnrichment
added 2025/12/23 7:34 p.m. | 1 views

CVE-2023-53982 PMB 7.4.6 SQL Injection Vulnerability via Unsanitized Storage Parameter

PMB 7.4.6 contains a SQL injection vulnerability in the storage parameter of the ajax.php endpoint that allows remote attackers to manipulate database queries. Attackers can exploit the unsanitized 'id' parameter by injecting conditional sleep statements to extract information or perform time-bas...

CVSS 9.3 | AI score 7.5 | EPSS 0.00021
Exploits: 1 | References: 4
CVE
added 2025/12/23 7:34 p.m. | 9 views

CVE-2023-53982

CVE-2023-53982 concerns PMB 7.4.6, where a SQL injection exists in the storage parameter of the ajax.php endpoint. The vulnerability stems from an unsanitized or improperly handled ‘id’ parameter, enabling remote attackers to manipulate database queries and potentially perform time-based blind SQ...

CVSS 9.3 | AI score 7.5 | EPSS 0.00021
Exploits: 1 | References: 4 | Affected Software: 1
Cvelist
added 2025/12/23 7:34 p.m. | 24 views

CVE-2023-53982 PMB 7.4.6 SQL Injection Vulnerability via Unsanitized Storage Parameter

PMB 7.4.6 contains a SQL injection vulnerability in the storage parameter of the ajax.php endpoint that allows remote attackers to manipulate database queries. Attackers can exploit the unsanitized 'id' parameter by injecting conditional sleep statements to extract information or perform time-bas...

CVSS 9.3 | EPSS 0.00021
Exploits: 1 | References: 4
CNVD
added 2024/05/10 12:0 a.m. | 6 views

RuvarOA sys_file_storage_id parameter SQL injection vulnerability (CNVD-2024-33629)

RuvarOA is an office automation system of Ruvar China. A SQL injection vulnerability exists in RuvarOA v6.01 and v12.01, which originates from the lack of validation of the sysfilestorageid parameter of the /WorkPlan/WorkPlanAttachDownLoad.aspx file against external SQL input. This vulnerability...

CVSS 9.4 | AI score 8 | EPSS 0.00049
Exploits: 1 | References: 1