This is a summary of the AI-generated 10-question deep analysis. The full version (longer answers, follow-up Q&A, related CVEs) requires login. Read the full analysis β
Q1What is this vulnerability? (Essence + Consequences)
π¨ **Essence**: PMB v7.4.8 suffers from **Unrestricted File Upload** via `start_import.php`. <br>π₯ **Consequences**: Attackers execute **Arbitrary Code** and escalate privileges to full system control.β¦
π¦ **Affected**: **PMB Services** (Document Management Tool). <br>π **Versions**: Specifically **v7.4.8** (and potentially up to v7.5.3 based on PoC title). <br>π’ **Vendor**: PMB Services Team.
Q4What can hackers do? (Privileges/Data)
π **Privileges**: Attackers gain **Remote Code Execution (RCE)**. <br>π **Data**: Can access/modify any data the web server user can.β¦
π **Auth Required**: **Yes**. The CVSS vector `PR:H` (Privileges Required: High) indicates attackers need **valid credentials** or high-level access to upload files to the admin path (`/pmb/admin/...`).β¦
π£ **Public Exploit**: **Yes**. A PoC is available on GitHub (`Xn2/CVE-2023-46474`). <br>π **Status**: Active exploitation is possible. CVSS Score **9.1** (Critical) confirms high exploitability.
Q7How to self-check? (Features/Scanning)
π **Self-Check**: <br>1. Scan for `pmb/admin/convert/start_import.php` endpoint. <br>2. Check if file upload functionality exists without strict MIME/type validation. <br>3.β¦
π§ **Workaround (No Patch)**: <br>1. **Disable** the `start_import.php` script or the import feature entirely. <br>2. **Restrict Access**: Block admin paths via WAF or Nginx/Apache config. <br>3.β¦
β οΈ **Urgency**: **CRITICAL**. <br>π₯ **Priority**: Immediate action required. CVSS 9.1 + Public PoC = High risk. Even with auth requirement, compromised admin accounts make this an instant critical incident.