CVE Catalog

CVE-2025-61167

MediumCVSS 6.5
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.21%

11th percentile - higher than 11% of all known CVEs

Summary

Multiple SQL injection vulnerabilities were discovered in SIGB PMB version 8.0.1.14 in the /opac_css/ajax_selector.php component. The flaws exist in the id and datas parameters.

Risk Assessment

An attacker can remotely manipulate SQL queries, potentially leading to unauthorized database access, sensitive data leakage, or data modification.

Recommendation

Immediately update SIGB PMB to the latest available version that fixes these vulnerabilities. Until the update is applied, restrict access to the /opac_css/ajax_selector.php component and validate the id and datas parameters.

Original NVD description (English source)

SIGB PMB v8.0.1.14 was discovered to contain multiple SQL injection vulnerabilities in the /opac_css/ajax_selector.php component via the id and datas parameters.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS