CVE-2023-53982 - PMB 7.4.6 SQL Injection Vulnerability via Unsanitized Storage Parameter

CVE ID : CVE-2023-53982 Published : Dec. 23, 2025, 8:15 p.m. | 32 minutes ago Description : PMB 7.4.6 contains a SQL injection vulnerability in the storage parameter of the ajax.php endpoint that allows remote attackers to manipulate database queries. Attackers can exploit the unsanitized 'id' parameter by injecting conditional sleep statements to extract information or perform time-based blind SQL injection attacks. Severity: 9.3 | CRITICAL Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Source: Telegram CVE Monitor