Pmb · Pmb · CVE-2023-53982
**Name of the Vulnerable Software and Affected Versions**
PMB version 7.4.6
**Description**
The software contains a SQL injection vulnerability in the storage parameter of the `ajax.php` endpoint that lets remote attackers manipulate database queries. The `id` parameter is not sanitized, so an attacker can inject conditional sleep statements to extract information through time-based blind SQL injection.
**Recommendations**
Update to a newer version that contains a fix for this vulnerability.
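The following log scan is an added example, not part of the advisory or of PMB's code. It flags requests to `ajax.php` whose `id` value matches the time-based pattern described above. The log format, the `/pmb/` path, the 3-second threshold and the rule that a legitimate `id` is a plain integer are assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample lines (not real traffic). Assumed format: combined access
# log with the request duration in seconds appended as the last field.
SAMPLE_LOG = """\
198.51.100.7 - - [01/Jan/2024:10:00:01 +0000] "GET /pmb/ajax.php?id=12 HTTP/1.1" 200 512 0.041
198.51.100.9 - - [01/Jan/2024:10:00:05 +0000] "GET /pmb/ajax.php?id=12%20AND%20IF(1=1,SLEEP(5),0) HTTP/1.1" 200 512 5.038
198.51.100.9 - - [01/Jan/2024:10:00:12 +0000] "GET /pmb/ajax.php?id=12%20AND%20IF(1=2,SLEEP(5),0) HTTP/1.1" 200 512 0.039
203.0.113.4 - - [01/Jan/2024:10:00:20 +0000] "GET /pmb/index.php?id=abc HTTP/1.1" 200 900 0.020
"""

LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "\S+ (?P<target>\S+) [^"]*" '
    r'\d{3} \S+ (?P<secs>\d+(?:\.\d+)?)$'
)
# SQL delay primitives commonly used for time-based blind injection.
DELAY_RE = re.compile(r'\b(sleep|benchmark)\b', re.I)


def scan(log_text, slow_secs=3.0):
    """Return (client_ip, decoded_id, reasons) for suspicious ajax.php requests."""
    findings = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        url = urlsplit(m["target"])
        if not url.path.endswith("/ajax.php"):
            continue
        # parse_qs percent-decodes the value, so encoded payloads are compared
        # in clear text. Parameters sent in a POST body never reach this log.
        for value in parse_qs(url.query, keep_blank_values=True).get("id", []):
            if re.fullmatch(r"[0-9]+", value):
                continue  # assumption: a legitimate id is a plain integer
            reasons = ["non-numeric id"]
            if DELAY_RE.search(value):
                reasons.append("delay function")
            if float(m["secs"]) >= slow_secs:
                reasons.append("slow response")
            findings.append((m["ip"], value, reasons))
    return findings


if __name__ == "__main__":
    for ip, value, reasons in scan(SAMPLE_LOG):
        print(ip, repr(value), ", ".join(reasons))
```

A client that alternates between slow and fast responses for near-identical `id` values, as the second and third sample lines do, is the signature of a conditional delay being used to read data one condition at a time.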