3 results (0.007 seconds)

CVSS: 9.8EPSS: 0%CPEs: 3EXPL: 0

CVE-2024-26289 – Remote Code Inclusion Vulnerability in Multiple PMB Versions

https://notcve.org/view.php?id=CVE-2024-26289

Deserialization of Untrusted Data vulnerability in PMB Services PMB allows Remote Code Inclusion.This issue affects PMB: from 7.5.1 before 7.5.6-2, from 7.4.1 before 7.4.9, from 7.3.1 before 7.3.18. Vulnerabilidad de deserialización de datos no confiables en PMB Services PMB permite la inclusión remota de código. Este problema afecta a PMB: desde 7.5.1 anterior a 7.5.6-2, desde 7.4.1 anterior a 7.4.9, desde 7.3.1 anterior a 7.3.18. • https://forge.sigb.net/projects/pmb/files https://github.com/enisaeu/CNW/blob/main/advisories/2024/CNW-2024-A-12.md • CWE-502: Deserialization of Untrusted Data •

CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 2

CVE-2014-9457 – PMB 4.1.3 - (Authenticated) SQL Injection

https://notcve.org/view.php?id=CVE-2014-9457

SQL injection vulnerability in classes/mono_display.class.php in PMB 4.1.3 and earlier allows remote authenticated users to execute arbitrary SQL commands via the id parameter to catalog.php. Vulnerabilidad de inyección SQL en classes/mono_display.class.php en PMB 4.1.3 y anteriores permite a usuarios remotos autenticados ejecutar comandos SQL arbitrarios a través del parámetro id en catalog.php. • https://www.exploit-db.com/exploits/35625 http://www.exploit-db.com/exploits/35625 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 7.5EPSS: 29%CPEs: 1EXPL: 2

CVE-2007-1415 – PMB Services 3.0.13 - Multiple Remote File Inclusions

https://notcve.org/view.php?id=CVE-2007-1415

Multiple PHP remote file inclusion vulnerabilities in PMB Services 3.0.13 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the (1) class_path parameter to (a) includes/resa_func.inc.php (b) admin/notices/perso.inc.php, or (c) admin/quotas/main.inc.php; the (2) base_path parameter to (d) opac_css/rec_panier.php or (e) opac_css/includes/author_see.inc.php; or the (3) include_path parameter to (f) bull_info.inc.php or (g) misc.inc.php in includes/; (h) options_date_box.php, (i) options_file_box.php, (j) options_list.php, (k) options_query_list.php, or (l) options_text.php in includes/options/; (m) options.php, (n) options_comment.php, (o) options_date_box.php, (p) options_list.php, (q) options_query_list.php, or (r) options_text.php in includes/options_empr/; or (s) admin/import/iimport_expl.php, (t) admin/netbase/clean.php, (u) admin/param/param_func.inc.php, (v) admin/sauvegarde/lieux.inc.php, (w) autorites.php, (x) account.php, (y) cart.php, or (z) edit.php. Las múltiples vulnerabilidades de inclusión de archivos remotos de PHP en PMB Services versiones 3.0.13 y anteriores, permiten que los atacantes remotos ejecuten código PHP arbitrario por medio de una URL en el (1) parámetro class_path en los archivos (a) includes/resa_func.inc.php (b) admin/notices/perso.inc.php, o (c) admin/quotas/main.inc.php; el (2) parámetro base_path en los archivos (d) opac_css/rec_panier.php o (e) opac_css/includes/author_see.inc.php; o el (3) parámetro include_path en los archivos (f) bull_info.inc.php o (g) misc.inc.php en includes/; (h) options_date_box.php, (i) options_file_box.php, (j) options_list.php, (k) options_query_list.php, o (l) options_text.php en includes/options/; (m) options.php, (n) options_comment.php, (o) options_date_box.php, (p) options_list.php, (q) options_query_list.php, o (r) options_text.php in incluye/options_empr/; o (s) admin/import/iimport_expl.php, (t) admin/netbase/clean.php, (u) admin/param/param_func.inc.php, (v) admin/sauvegarde/lieux.inc.php, ( w) autorites.php, (x) account.php, (y) cart.php o (z) edit.php. • https://www.exploit-db.com/exploits/3443 http://advisories.echo.or.id/adv/adv68-K-159-2007.txt http://www.osvdb.org/35101 http://www.osvdb.org/35102 http://www.osvdb.org/35103 http://www.osvdb.org/35104 http://www.osvdb.org/35105 http://www.osvdb.org/35106 http://www.osvdb.org/35107 http://www.osvdb.org/35108 http://www.osvdb.org/35109 http://www.osvdb.org/35110 http://www.osvdb.org/35111 http://www.osvdb.org/35112 http: • CWE-94: Improper Control of Generation of Code ('Code Injection') •