PT-2026-5853 · Redmine · Pmb

41-Trk · Published 2026-02-03 · Updated 2026-02-03 · CVE-2020-37105

CVSS v3.1: 7.1 (High)

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N

Name of the Vulnerable Software and Affected Versions

PMB version 5.6

Description

An issue in the administration download script allows authenticated attackers to execute arbitrary SQL commands. This is achieved by sending crafted requests to the '/admin/sauvegarde/download.php' endpoint using manipulated values in the logid parameter to interact with the database.

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

SQL injection

Weakness Enumeration

Related Identifiers

CVE-2020-37105

Affected Products

Pmb