Lucene search

K
vulnrichmentMitreVULNRICHMENT:CVE-2023-51828
HistoryFeb 21, 2024 - 12:00 a.m.

CVE-2023-51828

2024-02-2100:00:00
mitre
github.com
1
sql injection
pmb
remote attackers
arbitrary sql commands
get_next_notice function

SSVC

Exploitation

none

Automatable

no

Technical Impact

total

A SQL Injection vulnerability in /admin/convert/export.class.php in PMB 7.4.7 and earlier versions allows remote unauthenticated attackers to execute arbitrary SQL commands via the query parameter in get_next_notice function.

ADP Affected

[
  {
    "cpes": [
      "cpe:2.3:a:pmb_project:pmb:*:*:*:*:*:*:*:*"
    ],
    "vendor": "pmb_project",
    "product": "pmb",
    "versions": [
      {
        "status": "affected",
        "version": "0",
        "versionType": "custom",
        "lessThanOrEqual": "7.4.7"
      }
    ],
    "defaultStatus": "unknown"
  }
]

SSVC

Exploitation

none

Automatable

no

Technical Impact

total

Related for VULNRICHMENT:CVE-2023-51828