CVE-2023-52155

Name of the Vulnerable Software and Affected Versions PMB versions 7.4.7 and earlier

Description A SQL Injection issue in the /admin/sauvegarde/run.php endpoint allows remote authenticated attackers to execute arbitrary SQL commands via the sauvegardes variable. This enables attackers to manipulate database queries, potentially leading to unauthorized data access or modification.

Recommendations For PMB versions 7.4.7 and earlier, as a temporary workaround, consider restricting access to the /admin/sauvegarde/run.php endpoint until a patch is available. Additionally, avoid using the sauvegardes variable in this endpoint to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.