CVE-2025-61167
MediumCVSS 6.5Exploitation Probability (EPSS)
Low risk11th percentile - higher than 11% of all known CVEs
Summary
Multiple SQL injection vulnerabilities were discovered in SIGB PMB version 8.0.1.14 in the /opac_css/ajax_selector.php component. The flaws exist in the id and datas parameters.
Risk Assessment
An attacker can remotely manipulate SQL queries, potentially leading to unauthorized database access, sensitive data leakage, or data modification.
Recommendation
Immediately update SIGB PMB to the latest available version that fixes these vulnerabilities. Until the update is applied, restrict access to the /opac_css/ajax_selector.php component and validate the id and datas parameters.
Original NVD description (English source)
SIGB PMB v8.0.1.14 was discovered to contain multiple SQL injection vulnerabilities in the /opac_css/ajax_selector.php component via the id and datas parameters.

