High severity8.4NVD Advisory· Published Jan 28, 2026· Updated Apr 15, 2026

CVE-2020-36970

Description

PMB 5.6 contains a local file disclosure vulnerability in getgif.php that allows attackers to read arbitrary system files by manipulating the 'chemin' parameter. Attackers can exploit the unsanitized file path input to access sensitive files like /etc/passwd by sending crafted requests to the getgif.php endpoint.

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

forge.sigb.net/redmine/projects/pmb/filesnvd
www.sigb.netnvd
www.exploit-db.com/exploits/49054nvd
www.vulncheck.com/advisories/pmb-chemin-local-file-disclosurenvd

News mentions

No linked articles in our index yet.

cvss	0.546
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000