CVE-2020-36970

PMB 5.6 - 'chemin' Local File Disclosure

CVSS 6.9 MEDIUMEPSS 0.3%CWE-22

Vexday Risk Score

13Baixo

Decisão SSVC (CISA)

Track

Sem sinal de exploração → monitorar

CVSS 6.9EPSS 0.3%KEV nãoPoC —Nuclei —Metasploit —Patch —

Ciclo de vida

28 jan 2026Publicada no NVD

Recomendação: Monitorar — sem sinal de exploração no momento.

PMB 5.6 contains a local file disclosure vulnerability in getgif.php that allows attackers to read arbitrary system files by manipulating the 'chemin' parameter. Attackers can exploit the unsanitized file path input to access sensitive files like /etc/passwd by sending crafted requests to the getgif.php endpoint.

CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

Produtos afetados

PMB Services · PMB Services

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →

Referências

http://forge.sigb.net/redmine/projects/pmb/files https://www.exploit-db.com/exploits/49054 https://www.vulncheck.com/advisories/pmb-chemin-local-file-disclosure http://www.sigb.net