← volver
CVE-2020-36970

PMB 5.6 - 'chemin' Local File Disclosure

CVSS 6.9 MEDIUMEPSS 0.3%CWE-22
Vexday Risk Score
13Bajo
Decisión SSVC (CISA)
Track
Sin señal de explotación → monitorear
CVSS 6.9EPSS 0.3%KEV nãoPoC Nuclei Metasploit Patch
Ciclo de vida
28 ene 2026Publicada en NVD
Recomendación: Monitorear — sin señal de explotación por ahora.
PMB 5.6 contains a local file disclosure vulnerability in getgif.php that allows attackers to read arbitrary system files by manipulating the 'chemin' parameter. Attackers can exploit the unsanitized file path input to access sensitive files like /etc/passwd by sending crafted requests to the getgif.php endpoint.
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
Productos afectados
PMB Services · PMB Services

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
http://forge.sigb.net/redmine/projects/pmb/fileshttps://www.exploit-db.com/exploits/49054https://www.vulncheck.com/advisories/pmb-chemin-local-file-disclosurehttp://www.sigb.net