CVE-2023-52153

Name of the Vulnerable Software and Affected Versions PMB versions 7.4.7 and earlier

Description A SQL Injection issue in /pmb/opac css/includes/sessions.inc.php allows remote unauthenticated attackers to inject arbitrary SQL commands via the PmbOpac-LOGIN cookie value. This enables attackers to potentially manipulate database queries, extracting or modifying sensitive data without proper authorization.

Recommendations For PMB versions 7.4.7 and earlier, as a temporary workaround, consider restricting access to the /pmb/opac css/includes/sessions.inc.php file until a patch is available. Additionally, avoid using the PmbOpac-LOGIN cookie value in sensitive transactions until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.