{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2020-36970","assignerOrgId":"83251b91-4cc7-4094-a5c7-464a1b83ea10","state":"PUBLISHED","assignerShortName":"VulnCheck","dateReserved":"2026-01-27T15:47:07.998Z","datePublished":"2026-01-28T17:35:11.195Z","dateUpdated":"2026-01-28T21:29:26.284Z"},"containers":{"cna":{"providerMetadata":{"orgId":"83251b91-4cc7-4094-a5c7-464a1b83ea10","shortName":"VulnCheck","dateUpdated":"2026-01-28T17:35:11.195Z"},"datePublic":"2020-10-13T00:00:00.000Z","title":"PMB 5.6 - 'chemin' Local File Disclosure","descriptions":[{"lang":"en","value":"PMB 5.6 contains a local file disclosure vulnerability in getgif.php that allows attackers to read arbitrary system files by manipulating the 'chemin' parameter. Attackers can exploit the unsanitized file path input to access sensitive files like /etc/passwd by sending crafted requests to the getgif.php endpoint."}],"problemTypes":[{"descriptions":[{"lang":"en","description":"Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')","cweId":"CWE-22","type":"CWE"}]}],"affected":[{"vendor":"PMB Services","product":"PMB Services","versions":[{"version":"5.6","status":"affected"}]}],"metrics":[{"cvssV4_0":{"Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","Safety":"NOT_DEFINED","attackComplexity":"LOW","attackRequirements":"NONE","attackVector":"LOCAL","baseScore":6.9,"baseSeverity":"MEDIUM","exploitMaturity":"NOT_DEFINED","privilegesRequired":"NONE","providerUrgency":"NOT_DEFINED","subAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","userInteraction":"NONE","valueDensity":"NOT_DEFINED","vectorString":"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N","version":"4.0","vulnAvailabilityImpact":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"NONE","vulnerabilityResponseEffort":"NOT_DEFINED"},"format":"CVSS"},{"cvssV3_1":{"attackComplexity":"LOW","attackVector":"LOCAL","availabilityImpact":"HIGH","baseScore":8.4,"baseSeverity":"HIGH","confidentialityImpact":"HIGH","integrityImpact":"HIGH","privilegesRequired":"NONE","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","version":"3.1"},"format":"CVSS"}],"references":[{"url":"https://www.exploit-db.com/exploits/49054","name":"ExploitDB-49054","tags":["exploit"]},{"url":"http://www.sigb.net","name":"Vendor Homepage","tags":["product"]},{"url":"http://forge.sigb.net/redmine/projects/pmb/files","name":"Software Download Repository","tags":["product"]},{"name":"VulnCheck Advisory: PMB 5.6 - 'chemin' Local File Disclosure","tags":["third-party-advisory"],"url":"https://www.vulncheck.com/advisories/pmb-chemin-local-file-disclosure"}],"credits":[{"lang":"en","value":"41-trk (Tarik Bakir)","type":"finder"}],"x_generator":{"engine":"vulncheck"}},"adp":[{"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2026-01-28T21:26:31.872562Z","id":"CVE-2020-36970","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2026-01-28T21:29:26.284Z"}}]}}