CVE-2023-53982

Published Dec 23, 2025

Last updated 2 months ago

CVSS critical 9.3

Overview

Description: PMB 7.4.6 contains a SQL injection vulnerability in the storage parameter of the ajax.php endpoint that allows remote attackers to manipulate database queries. Attackers can exploit the unsanitized 'id' parameter by injecting conditional sleep statements to extract information or perform time-based blind SQL injection attacks.
Source: disclosure@vulncheck.com
NVD status: Modified
Products: pmb

Risk scores

CVSS 4.0

Type: Secondary
Base score: 9.3
Impact score: -
Exploitability score: -
Vector string: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Severity: CRITICAL

CVSS 3.1

Type: Primary
Base score: 7.5
Impact score: 3.6
Exploitability score: 3.9
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Severity: HIGH

Weaknesses

disclosure@vulncheck.com: CWE-89

Hype score: Not currently trending

🟠 CVE-2023-53982 - High PMB 7.4.6 contains a SQL injection vulnerability in the storage parameter of the ajax.php endpoint that allows remote attackers to manipulate database queries. Attackers can exploit the unsan... https://t.co/LJbFfl8zqU https://t.co/55dl4OGRSU
@TheHackerWire
23 Dec 2025
46 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes

Configurations

[
  {
    "nodes": [
      {
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:sigb:pmb:7.4.6:*:*:*:*:*:*:*",
            "matchCriteriaId": "7F6BCC12-4630-4A28-BF91-35DB0393B131",
            "vulnerable": true
          }
        ],
        "negate": false,
        "operator": "OR"
      }
    ]
  }
]

References

Sources include official advisories and independent security research.

Overview

Risk scores

CVSS 4.0

CVSS 3.1

Weaknesses

Social media

Configurations

Related CVEs

References