Cyber Resilience

CVE-2020-36970

MediumPublic PoC

Published: 28 January 2026

Published
28 January 2026
Modified
15 April 2026
KEV Added
Patch
CVSS Score v4 6.9 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
EPSS Score 0.0027 18.5th percentile
Risk Priority 35 floored blend · peak EPSS

Summary

CVE-2020-36970 is a medium-severity Path Traversal (CWE-22) vulnerability in Sigb (inferred from references). Its CVSS base score is 6.9 (Medium).

Operationally, exploitation aligns with the MITRE ATT&CK technique Data from Local System (T1005); ranked at the 18.5th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and SI-10 (Information Input Validation).

Deeper analysis

CVE-2020-36970 is a local file disclosure vulnerability in PMB 5.6, specifically within the getgif.php component. The flaw stems from unsanitized input handling in the 'chemin' parameter, enabling directory traversal that allows attackers to read arbitrary system files, such as /etc/passwd, through crafted requests to the getgif.php endpoint.

Attackers require local access (AV:L) but no privileges (PR:N), with low attack complexity (AC:L) and no user interaction (UI:N). Successful exploitation grants high-impact access to sensitive files, as reflected in the CVSS v3.1 base score of 8.4 (AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) and CWE-22 classification for improper limitation of a pathname to a restricted directory.

Advisories and references, including those from VulnCheck (https://www.vulncheck.com/advisories/pmb-chemin-local-file-disclosure) and an Exploit-DB entry (https://www.exploit-db.com/exploits/49054), detail the vulnerability and provide proof-of-concept exploitation. Additional resources are available on the PMB project sites at http://forge.sigb.net/redmine/projects/pmb/files and http://www.sigb.net.

A public exploit on Exploit-DB highlights the vulnerability's exploitability, published on 2026-01-28.

OWASP Top 10 for Web (2025)

EU & UK References

Vulnerability details

PMB 5.6 contains a local file disclosure vulnerability in getgif.php that allows attackers to read arbitrary system files by manipulating the 'chemin' parameter. Attackers can exploit the unsanitized file path input to access sensitive files like /etc/passwd by sending crafted…

more

requests to the getgif.php endpoint.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1005 Data from Local System Collection
Adversaries may search local system sources, such as file systems, configuration files, local databases, virtual machine files, or process memory, to find files of interest and sensitive data prior to Exfiltration.
T1003.008 /etc/passwd and /etc/shadow Credential Access
Adversaries may attempt to dump the contents of <code>/etc/passwd</code> and <code>/etc/shadow</code> to enable offline password cracking.
Why these techniques?

Path traversal in getgif.php directly enables arbitrary local file reads (e.g., /etc/passwd), mapping to Data from Local System and OS Credential Dumping via /etc/passwd and /etc/shadow.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2026-44307Shared CWE-22
CVE-2025-20051Shared CWE-22
CVE-2026-39369Shared CWE-22
CVE-2018-25144Shared CWE-22
CVE-2025-24605Shared CWE-22
CVE-2026-28482Shared CWE-22
CVE-2026-41205Shared CWE-22
CVE-2026-41419Shared CWE-22
CVE-2026-42600Shared CWE-22
CVE-2025-13801Shared CWE-22

Affected Assets

Sigb
inferred from references and description; NVD did not file a CPE for this CVE

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly mitigates the vulnerability by requiring validation of the unsanitized 'chemin' parameter to block directory traversal and prevent arbitrary file reads.

prevent

Enforces logical access controls to restrict the getgif.php endpoint from accessing unauthorized system files like /etc/passwd.

prevent

Restricts inputs to the 'chemin' parameter to safe, whitelisted paths, preventing manipulation for directory traversal exploits.

References