← back
CVE-2020-36970

PMB 5.6 - 'chemin' Local File Disclosure

CVSS 6.9 MEDIUMEPSS 0.3%CWE-22
Vexday Risk Score
13Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 6.9EPSS 0.3%KEV nãoPoC Nuclei Metasploit Patch
Lifecycle
28 Jan 2026Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
PMB 5.6 contains a local file disclosure vulnerability in getgif.php that allows attackers to read arbitrary system files by manipulating the 'chemin' parameter. Attackers can exploit the unsanitized file path input to access sensitive files like /etc/passwd by sending crafted requests to the getgif.php endpoint.
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
Affected products
PMB Services · PMB Services

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
http://forge.sigb.net/redmine/projects/pmb/fileshttps://www.exploit-db.com/exploits/49054https://www.vulncheck.com/advisories/pmb-chemin-local-file-disclosurehttp://www.sigb.net