High severity7.1NVD Advisory· Published Feb 3, 2026· Updated Apr 15, 2026
CVE-2020-37105
CVE-2020-37105
Description
PMB 5.6 contains a SQL injection vulnerability in the administration download script that allows authenticated attackers to execute arbitrary SQL commands through the 'logid' parameter. Attackers can leverage this vulnerability by sending crafted requests to the /admin/sauvegarde/download.php endpoint with manipulated logid values to interact with the database.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
1- Range: = 5.6
Patches
Vulnerability mechanics
References
4News mentions
0No linked articles in our index yet.