CVE-2025-61167

CVSS v3.1

6.5

Medium

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions SIGB PMB version 8.0.1.14

Description The software contains multiple SQL injection flaws in the /opac css/ajax selector.php component. These flaws are triggered through the id and datas parameters. The component is susceptible to manipulation via crafted input to these parameters, potentially allowing unauthorized database access or modification.

Recommendations Apply updates to address the identified SQL injection flaws in the /opac css/ajax selector.php component. As a temporary workaround, restrict access to the id and datas parameters in the /opac css/ajax selector.php component.

Fix

SQL injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-89

Related Identifiers

CVE-2025-61167

Affected Products

Sigb Pmb

CVE-2025-61167

Weakness Enumeration

Related Identifiers

Affected Products

References · 9