Security Advisory
CVE-2020-36970
CVE vulnerability detail — eXtreme Datacenter Security Operations
Description
PMB 5.6 contains a local file disclosure vulnerability in getgif.php that allows attackers to read arbitrary system files by manipulating the chemin parameter. Attackers can exploit the unsanitized file path input to access sensitive files like /etc/passwd by sending crafted requests to the getgif.php endpoint.