4 matches found
CVE-2023-37177
SQL Injection vulnerability in PMB Services PMB v.7.4.7 and before allows a remote unauthenticated attacker to execute arbitrary code via the query parameter in the /admin/convert/exportz3950.php endpoint...
PMB SQL Injection Vulnerability
PMB is a 100% free document management reference tool from the PMB Services team. A SQL injection vulnerability exists in PMB version v.7.4.7 that originates from allowing an unauthenticated, remote attacker to execute arbitrary code via the query parameter in the /admin/convert/exportz3950.php...
CVE-2023-24737
PMB v7.4.6 was discovered to contain a reflected cross-site scripting XSS vulnerability via the query parameter at /admin/convert/exportz3950.php...
PT-2023-19761 · Pmb · Pmb
Name of the Vulnerable Software and Affected Versions: PMB version 7.4.6 Description: A reflected cross-site scripting XSS issue was found in PMB via the query parameter at "/admin/convert/export z3950.php". This allows for potential malicious script execution. Recommendations: For PMB version...