CNNVD-202512-4110 Information
Dec 23, 2025
CNNVD ID
CNNVD-202512-4110
Related CVE
-
CNNVD Published: 2025-12-23
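Description (translated from Chinese)
SIGB PMB is an open-source integrated library management system from SIGB. SIGB PMB version 7.4.6 contains a SQL injection vulnerability that stems from insufficient sanitization of the id parameter in the ajax.php endpoint and may lead to SQL injection attacks.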
Description (English)
SIGB PMB is an open-source integrated library management system from SIGB. Version 7.4.6 of SIGB PMB contains a SQL injection vulnerability, which arises from inadequate sanitization of the id parameter at the ajax.php endpoint and may result in a SQL injection attack.
Hazard Level
Medium
Vulnerability Type
SQL injection
Affected Vendor
SIGB
Published
2025-12-23
Last Modified
2026-02-24
References
http://forge.sigb.net/redmine/projects/pmb/files
http://www.sigb.net
https://www.exploit-db.com/exploits/51197
https://www.vulncheck.com/advisories/pmb-sql-injection-vulnerability-via-unsanitized-storage-parameter
Patch
https://forge.sigb.net/projects/pmb/files