Skip to main content

Pmb CVE-2024-26289

CRITICAL
Deserialization of Untrusted Data (CWE-502)
2024-05-27 a6d3dc9e-0591-4a13-bce7-0f5b31ff6158
9.8
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
9.8 CRITICAL
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

1
CVE Published
May 27, 2024 - 07:15 nvd
CRITICAL 9.8

DescriptionNVD

Deserialization of Untrusted Data vulnerability in PMB Services PMB allows Remote Code Inclusion.This issue affects PMB: from 7.5.1 before 7.5.6-2, from 7.4.1 before 7.4.9, from 7.3.1 before 7.3.18.

AnalysisAI

Deserialization of Untrusted Data vulnerability in PMB Services PMB allows Remote Code Inclusion.5.1 before 7.5.6-2, from 7.4.1 before 7.4.9, from 7.3.1 before 7.3.18. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Technical ContextAI

This vulnerability is classified as Deserialization of Untrusted Data (CWE-502), which allows attackers to execute arbitrary code through malicious serialized objects. Deserialization of Untrusted Data vulnerability in PMB Services PMB allows Remote Code Inclusion.5.1 before 7.5.6-2, from 7.4.1 before 7.4.9, from 7.3.1 before 7.3.18. Affected products include: Sigb Pmb. Version information: before 7.5.6.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Avoid deserializing untrusted data. Use safe serialization formats (JSON). Implement integrity checks and type allowlists.

More in Pmb

View all
CVE-2023-46474 HIGH POC
7.2 Jan 11

File Upload vulnerability PMB v.7.4.8 allows a remote attacker to execute arbitrary code and escalate privileges via a c

CVE-2023-24736 CRITICAL POC
9.8 Mar 06

PMB v7.4.6 was discovered to contain a remote code execution (RCE) vulnerability via the component /sauvegarde/restaure_

CVE-2023-24734 CRITICAL POC
9.8 Mar 06

An arbitrary file upload vulnerability in the camera_upload.php component of PMB v7.4.6 allows attackers to execute arbi

CVE-2014-9457 MEDIUM POC
6.5 Jan 02

SQL injection vulnerability in classes/mono_display.class.php in PMB 4.1.3 and earlier allows remote authenticated users

CVE-2023-24737 MEDIUM POC
6.1 Mar 06

PMB v7.4.6 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the query parameter at /ad

CVE-2023-24735 MEDIUM POC
6.1 Mar 06

PMB v7.4.6 was discovered to contain an open redirect vulnerability via the component /opac_css/pmb.php. Rated medium se

CVE-2023-24733 MEDIUM POC
6.1 Mar 06

PMB v7.4.6 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the query parameter at /ad

CVE-2022-34328 MEDIUM POC
6.1 Jun 23

PMB 7.3.10 allows reflected XSS via the id parameter in an lvl=author_see request to index.php. Rated medium severity (C

CVE-2025-61168 CRITICAL
9.8 Nov 25

An issue in the cms_rest.php component of SIGB PMB v8.0.1.14 allows attackers to execute arbitrary code via unserializin

CVE-2025-61167 MEDIUM
6.5 Nov 25

SIGB PMB v8.0.1.14 was discovered to contain multiple SQL injection vulnerabilities in the /opac_css/ajax_selector.php c

CVE-2025-48742 MEDIUM
5.4 May 27

The installer in SIGB PMB before and fixed in v.8.0.1.2 allows remote code execution. Rated medium severity (CVSS 5.4),

CVE-2025-48744 MEDIUM
6.4 May 27

In SIGB PMB before 8.0.1.2, attackers can achieve Local File Inclusion and remote code execution. Rated medium severity

Share

CVE-2024-26289 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy