Primary

Context

SIGB PMB SQL Injection Vulnerability in ajax_selector.php Component

Vulnerability

Patched

A SQL injection vulnerability has been identified in SIGB PMB version 8.0.1.14. The issue resides in the 'opac_css/ajax_selector.php' component, where the 'id' and 'datas' parameters can be manipulated to inject arbitrary SQL into the application's database queries.

Impact

Exploitation of this vulnerability allows for SQL injection, where an attacker can interfere with the application's database queries. This could lead to unauthorized data access, data manipulation, or in some cases, executing administrative operations on the database.

Reproduction

To reproduce this vulnerability, send a request to the 'opac_css/ajax_selector.php' endpoint with the 'id' parameter containing an unescaped single quote. This will manipulate the SQL query to accept injected SQL through the 'datas' parameter.

Remediation

Users are advised to update to the latest version of SIGB PMB where this vulnerability has been addressed.

Added: Nov 25, 2025, 7:23 PM

Updated: Nov 25, 2025, 10:37 PM

Vulnerability Rating

Custom Algorithm

spread

1.0

impact

3.1

exploitability

9.7

remediation

7.7

relevance

1.1

threat

6.4

urgency

2.9

incentive

10.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

1.0

impact

3.1

exploitability

9.7

remediation

7.7

relevance

1.1

threat

6.4

urgency

2.9

incentive

10.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

SIGB PMB SQL Injection Vulnerability in ajax_selector.php Component

Vulnerability

Impact

Reproduction

Remediation

Affected Products

SIGB PMB

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating