CNNVD-202602-382 Information

CNNVD ID

CNNVD-202602-382

Related CVE

CVE-2020-37105

• CNNVD Published: 2026-02-03

Description (Chinese)

SIGB PMB是SIGB公司的一个开源集成图书馆管理系统。 SIGB PMB 5.6版本存在SQL注入漏洞，该漏洞源于管理下载脚本中的logid参数存在SQL注入，可能导致经过身份验证的攻击者执行任意SQL命令。

Description (English)

SIGB PMB is an open source integrated library management system for SIGB. Version 5.6 of SIGB PMB has an injection loophole in SQL, which stems from the presence of SQL injections of logid parameters in managed download scripts, which may lead to the execution of any SQL order by an identified assailant.

Hazard Level

Medium

Vulnerability Type

SQL注入

Affected Vendor

SIGB

Published

2026-02-03

Last Modified

2026-02-24

References

http://forge.sigb.net/redmine/projects/pmb/files http://www.sigb.net https://www.exploit-db.com/exploits/48356 https://www.vulncheck.com/advisories/pmb-logid-sql-injection