CVE-2020-36970

Name of the Vulnerable Software and Affected Versions PMB version 5.6

Description A local file disclosure issue exists in the 'getgif.php' endpoint. By manipulating the chemin parameter, attackers can exploit unsanitized file path input to read arbitrary system files, such as /etc/passwd.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.