CVE-2020-36970
Published: 28 January 2026
Summary
CVE-2020-36970 is a medium-severity Path Traversal (CWE-22) vulnerability in Sigb (inferred from references). Its CVSS base score is 6.9 (Medium).
Operationally, exploitation aligns with the MITRE ATT&CK technique Data from Local System (T1005); ranked at the 18.5th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and SI-10 (Information Input Validation).
Deeper analysis
CVE-2020-36970 is a local file disclosure vulnerability in PMB 5.6, specifically within the getgif.php component. The flaw stems from unsanitized input handling in the 'chemin' parameter, enabling directory traversal that allows attackers to read arbitrary system files, such as /etc/passwd, through crafted requests to the getgif.php endpoint.
Attackers require local access (AV:L) but no privileges (PR:N), with low attack complexity (AC:L) and no user interaction (UI:N). Successful exploitation grants high-impact access to sensitive files, as reflected in the CVSS v3.1 base score of 8.4 (AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) and CWE-22 classification for improper limitation of a pathname to a restricted directory.
Advisories and references, including those from VulnCheck (https://www.vulncheck.com/advisories/pmb-chemin-local-file-disclosure) and an Exploit-DB entry (https://www.exploit-db.com/exploits/49054), detail the vulnerability and provide proof-of-concept exploitation. Additional resources are available on the PMB project sites at http://forge.sigb.net/redmine/projects/pmb/files and http://www.sigb.net.
A public exploit on Exploit-DB highlights the vulnerability's exploitability, published on 2026-01-28.
OWASP Top 10 for Web (2025)
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2020-30877
Vulnerability details
PMB 5.6 contains a local file disclosure vulnerability in getgif.php that allows attackers to read arbitrary system files by manipulating the 'chemin' parameter. Attackers can exploit the unsanitized file path input to access sensitive files like /etc/passwd by sending crafted…
more
requests to the getgif.php endpoint.
- CWE(s)
Related Threats
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Path traversal in getgif.php directly enables arbitrary local file reads (e.g., /etc/passwd), mapping to Data from Local System and OS Credential Dumping via /etc/passwd and /etc/shadow.
CVEs Like This One
Affected Assets
Mitigating Controls
Mitigating Controls (NIST 800-53 r5) AI
Directly mitigates the vulnerability by requiring validation of the unsanitized 'chemin' parameter to block directory traversal and prevent arbitrary file reads.
Enforces logical access controls to restrict the getgif.php endpoint from accessing unauthorized system files like /etc/passwd.
Restricts inputs to the 'chemin' parameter to safe, whitelisted paths, preventing manipulation for directory traversal exploits.