CNNVD-202511-2717 Information

CNNVD ID

CNNVD-202511-2717

Related CVE

CVE-2025-61167

• CNNVD Published: 2025-11-25

Description (Chinese)

SIGB PMB是SIGB公司的一个开源集成图书馆管理系统。 SIGB PMB v8.0.1.14版本存在安全漏洞，该漏洞源于组件/opac_css/ajax_selector.php中参数id和datas处理不当，可能导致SQL注入攻击。

Description (English)

SIGB PMB is an open source integrated library management system for SIGB. Version SIGB PMB v8.0.1.14 contains a security loophole that originates from the mishandling of the parameters id and datas in the component/opac css/ajax selector.php, which may lead to an SQL injection attack.

Hazard Level

High

Vulnerability Type

其他

Affected Vendor

SIGB

Published

2025-11-25

Last Modified

2026-02-24

References

http://pmb.com https://forge.sigb.net/projects/pmb/wiki/Changelog_801#S%C3%A9curit%C3%A9-2 http://sigb.com https://gist.github.com/ZanyMonk/ed12e265f777152c33aeb806a644850e https://access.redhat.com/security/cve/cve-2025-61167

Patch

https://sigb.com/