SQL Injection Vulnerability in PMB Services Library Management System
CVE-2023-37177

Currently unrated

Key Information:

CVE Published: 21 February 2024

What is CVE-2023-37177?

An SQL Injection vulnerability exists in PMB Services' library management system, affecting version 7.4.7 and earlier. This security flaw allows remote unauthenticated attackers to exploit the /admin/convert/export_z3950.php endpoint by manipulating the query parameters. Successful exploitation can lead to arbitrary code execution, posing significant risks to data integrity and system availability. Organizations using affected versions must prioritize vulnerability assessments and implement security patches to mitigate potential threats.
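
The following is an added example, not part of the advisory or of PMB's code: it lists every request to the endpoint named above in a web server access log and marks parameters whose decoded values contain SQL metacharacters, as a starting point for the assessment the advisory calls for. It assumes Combined Log Format; the parameter name `example`, the marker list and the log lines are constructed for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import parse_qsl, unquote, urlsplit

ENDPOINT = "/admin/convert/export_z3950.php"  # endpoint named in the advisory

# Combined Log Format (assumed): ip ident user [time] "METHOD target PROTO" status ...
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) ')

# Heuristic markers (assumption, not from the advisory): quoting, comment and
# keyword tokens that rarely belong in a normal parameter value.
SUSPICIOUS_RE = re.compile(
    r"""['";]|--|/\*|\b(union|select|sleep|benchmark)\b""", re.IGNORECASE)

# Constructed sample lines using documentation-range addresses.
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Mar/2024:10:00:01 +0000] "GET /index.php?lvl=index HTTP/1.1" 200 5120 "-" "-"',
    '198.51.100.7 - - [01/Mar/2024:10:00:05 +0000] "GET /admin/convert/export_z3950.php?example=abc%27%20UNION%20SELECT%201--%20 HTTP/1.1" 200 312 "-" "-"',
    '198.51.100.7 - - [01/Mar/2024:10:00:09 +0000] "GET /admin//convert/export_z3950.php?example=plain HTTP/1.1" 200 98 "-" "-"',
]

def triage(lines):
    """Return {client_ip: [hit, ...]} for every logged request to ENDPOINT."""
    hits = defaultdict(list)
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # not a Combined Log Format request line
        url = urlsplit(m["target"])
        # Decode and normalise the path so encoded or doubled slashes still match.
        path = re.sub(r"/{2,}", "/", unquote(url.path)).lower()
        if path != ENDPOINT:
            continue
        params = parse_qsl(url.query, keep_blank_values=True)  # percent-decodes values
        flagged = sorted({k for k, v in params if SUSPICIOUS_RE.search(v)})
        hits[m["ip"]].append(
            {"time": m["time"], "status": int(m["status"]), "flagged": flagged})
    return dict(hits)

if __name__ == "__main__":
    for ip, requests in triage(SAMPLE_LOG).items():
        for r in requests:
            label = "SUSPICIOUS" if r["flagged"] else "review"
            print(ip, r["time"], r["status"], label, r["flagged"])
```

Access logs record only the request line, so parameters sent in a POST body will not appear here; unflagged hits are still reported because the advisory describes the endpoint as reachable without authentication.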
