PMB
cpe:2.3:a:pmb_project:pmb:*:*:*:*:*:*:*
- <= 5.6
A local file disclosure vulnerability has been identified in PMB version 5.6. The issue arises in the getgif.php file, where the 'chemin' parameter is not properly sanitized. This flaw allows attackers to read arbitrary system files by sending crafted requests to the getgif.php endpoint. Exploitation of this vulnerability could lead to the disclosure of sensitive files, such as /etc/passwd.
Exploitation of this vulnerability allows for arbitrary file reading, potentially disclosing sensitive system information.
To reproduce this vulnerability, send a request to the getgif.php endpoint with a crafted 'chemin' parameter that includes a path traversal sequence. This will exploit the lack of input sanitization to access restricted files on the server.
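For defenders reviewing logs, here is an added detection example (not part of the advisory or of PMB's code): it scans web access log lines for getgif.php requests whose 'chemin' value decodes to a traversal segment or an absolute path. The log lines are constructed samples, and the script assumes combined-format access logs and that legitimate 'chemin' values are relative paths.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Request line inside a combined-format access log entry (assumed format).
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
ENDPOINT = "getgif.php"   # endpoint named in the advisory
PARAM = "chemin"          # parameter named in the advisory

def fully_decode(value, max_rounds=3):
    """Percent-decode repeatedly so double-encoded input is normalised."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def is_suspicious_path(value):
    """True if the value has a '..' segment, an absolute path or a NUL byte."""
    value = fully_decode(value).replace("\\", "/")
    if "\x00" in value or value.startswith("/") or re.match(r"^[A-Za-z]:/", value):
        return True
    return ".." in value.split("/")

def flag_requests(log_lines):
    """Return (line_number, decoded chemin) for suspicious getgif.php hits."""
    hits = []
    for number, line in enumerate(log_lines, start=1):
        match = REQUEST_RE.search(line)
        if not match:
            continue
        url = urlsplit(match.group(1))
        if not url.path.lower().endswith("/" + ENDPOINT):
            continue
        # parse_qs decodes once; fully_decode handles further encoding layers.
        for value in parse_qs(url.query, keep_blank_values=True).get(PARAM, []):
            if is_suspicious_path(value):
                hits.append((number, fully_decode(value)))
    return hits

# Constructed sample log lines (documentation IP range, not from a real server).
SAMPLE_LOG = [
    '198.51.100.7 - - [01/Jan/2024:10:00:00 +0000] "GET /getgif.php?chemin=images/logo.gif HTTP/1.1" 200 512',
    '198.51.100.7 - - [01/Jan/2024:10:00:01 +0000] "GET /getgif.php?chemin=../../../../etc/passwd HTTP/1.1" 200 1843',
    '198.51.100.7 - - [01/Jan/2024:10:00:02 +0000] "GET /getgif.php?chemin=%252e%252e%252f%252e%252e%252fetc%252fpasswd HTTP/1.1" 200 1843',
    '198.51.100.7 - - [01/Jan/2024:10:00:03 +0000] "GET /index.php?chemin=../x HTTP/1.1" 200 90',
    '198.51.100.7 - - [01/Jan/2024:10:00:04 +0000] "GET /getgif.php?chemin=/etc/passwd HTTP/1.1" 200 1843',
]
if __name__ == "__main__":
    print(flag_requests(SAMPLE_LOG))
```

A flagged request that returned status 200 with a body size unlike a normal image response is the one to investigate first.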