PT-2025-52840 · Pmb · Pmb

Str0Xo Dz · Published 2025-12-23 · Updated 2025-12-23 · CVE-2023-53982

CVSS v3.1: 7.5 (High)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions

PMB version 7.4.6

Description

The software contains a SQL injection issue in the storage parameter of the 'ajax.php' endpoint. This allows remote attackers to manipulate database queries. The unsanitized id parameter is exploitable by injecting conditional sleep statements to extract information or perform time-based blind SQL injection attacks.

Recommendations

Update to a newer version that contains a fix for this vulnerability.

Exploit

Fix

SQL injection

Weakness Enumeration

Related Identifiers: CVE-2023-53982

Affected Products: Pmb