CVE-2023-37177

Name of the Vulnerable Software and Affected Versions PMB Services PMB versions 7.4.7 and earlier

Description The issue allows a remote unauthenticated attacker to execute arbitrary code via the query parameter in the "/admin/convert/export z3950.php" endpoint. This enables the attacker to perform unauthorized actions on the system.

Recommendations For PMB Services PMB versions 7.4.7 and earlier, consider disabling access to the "/admin/convert/export z3950.php" endpoint until a patch is available. Restrict input for the query parameter to prevent malicious code execution. At the moment, there is no information about a newer version that contains a fix for this vulnerability.