Vulnerability Description
PMB 5.6 contains a local file disclosure vulnerability in getgif.php that allows attackers to read arbitrary system files by manipulating the 'chemin' parameter. Attackers can exploit the unsanitized file path input to access sensitive files like /etc/passwd by sending crafted requests to the getgif.php endpoint.
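One way to look for this in web server access logs, as an added example that is not part of the advisory or of PMB's code: it flags requests to getgif.php whose 'chemin' value is an absolute path or contains parent-directory segments. The log format, the /pmb/ URL prefix, the sample lines and the assumption that legitimate values are relative paths without ".." are constructed for illustration and need adjusting to the deployment.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Constructed sample access-log lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = [
    '203.0.113.5 - - [12/Nov/2020:10:01:02 +0000] "GET /pmb/getgif.php?chemin=images/logo.gif HTTP/1.1" 200 812',
    '198.51.100.23 - - [12/Nov/2020:10:01:05 +0000] "GET /pmb/getgif.php?chemin=../../../etc/passwd HTTP/1.1" 200 1432',
    '198.51.100.23 - - [12/Nov/2020:10:01:06 +0000] "GET /pmb/getgif.php?chemin=%252e%252e%252fetc%252fpasswd HTTP/1.1" 200 1432',
    '198.51.100.23 - - [12/Nov/2020:10:01:07 +0000] "GET /pmb/getgif.php?chemin=/etc/passwd HTTP/1.1" 404 209',
    '203.0.113.5 - - [12/Nov/2020:10:02:00 +0000] "GET /pmb/index.php?chemin=../x HTTP/1.1" 200 4096',
]

REQUEST_RE = re.compile(r'^(\S+) .*?"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+" (\d{3})')


def suspicious_chemin(value):
    """Return a reason if the value points outside a relative image path, else None."""
    # parse_qs has decoded once already; decode again to catch double encoding.
    decoded = unquote(value).replace("\\", "/")
    if decoded.startswith("/"):
        return "absolute path"
    if ".." in decoded.split("/"):
        return "parent-directory segment"
    return None


def scan(lines):
    """Return (client, status, reason, chemin) for each flagged getgif.php request."""
    findings = []
    for line in lines:
        m = REQUEST_RE.match(line)
        if not m:
            continue
        client, target, status = m.groups()
        url = urlsplit(target)
        if not url.path.lower().endswith("/getgif.php"):
            continue
        for value in parse_qs(url.query, keep_blank_values=True).get("chemin", []):
            reason = suspicious_chemin(value)
            if reason:
                findings.append((client, int(status), reason, value))
    return findings


if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

Flagged requests answered with status 200 are the ones to triage first, since the server returned content for them.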
CVSS Score
HIGH
Related Weaknesses (CWE)
References
- http://forge.sigb.net/redmine/projects/pmb/files
- http://www.sigb.net
- https://www.exploit-db.com/exploits/49054
- https://www.vulncheck.com/advisories/pmb-chemin-local-file-disclosure
FAQ
What is CVE-2020-36970?
CVE-2020-36970 is a vulnerability with a CVSS score of 8.4 (HIGH). PMB 5.6 contains a local file disclosure vulnerability in getgif.php that allows attackers to read arbitrary system files by manipulating the 'chemin' parameter. Attackers can exploit the unsanitized ...
How severe is CVE-2020-36970?
CVE-2020-36970 has been rated HIGH with a CVSS base score of 8.4/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2020-36970?
Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.