CVE-2020-37105

Sažetak

PMB 5.6 contains a SQL injection vulnerability in the administration download script that allows authenticated attackers to execute arbitrary SQL commands through the 'logid' parameter. Attackers can leverage this vulnerability by sending crafted requests to the /admin/sauvegarde/download.php endpoint with manipulated logid values to interact with the database.

Reference

http://forge.sigb.net/redmine/projects/pmb/files
http://www.sigb.net
https://www.exploit-db.com/exploits/48356
https://www.vulncheck.com/advisories/pmb-logid-sql-injection

CVSS

Base:	7.1
Impact:	4.2
Exploitability:	2.8

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	LOW

Impact

Povjerljivost	Cjelovitost	Dostupnost
HIGH	LOW	NONE

CVSS vektor

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N

Zadnje važnije ažuriranje

04-02-2026 - 16:34

Objavljeno

03-02-2026 - 18:16