CVE-2020-37105
SQL Injection in PMB 5.6 Admin Download Allows Data Manipulation
Publication date: 2026-02-03
Last updated on: 2026-02-03
Assigner: VulnCheck
Description
CVSS Scores
EPSS Scores
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| unknown_vendor | pmb | to 5.6 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-89 | The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data. |
Attack-Flow Graph
AI Powered Q&A
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
The SQL injection vulnerability in PMB 5.6 allows authenticated attackers to execute arbitrary SQL commands, potentially compromising sensitive data stored in the database.
Such unauthorized access and potential data compromise can lead to violations of data protection regulations and standards like GDPR and HIPAA, which require safeguarding sensitive personal and health information against unauthorized access and breaches.
Therefore, exploitation of this vulnerability could negatively impact compliance by exposing confidential data and failing to maintain required security controls.
What immediate steps should I take to mitigate this vulnerability?
To mitigate the SQL injection vulnerability in PMB 5.6's administration download script, immediate steps include restricting access to the /admin/sauvegarde/download.php endpoint to only trusted and authenticated administrators.
Ensure that only users with valid administrative credentials can access this functionality, as exploitation requires authentication.
Additionally, monitor and audit logs for any suspicious activity involving the 'logid' parameter.
If possible, apply any available patches or updates from the vendor that address this vulnerability.
As a temporary workaround, consider implementing input validation or filtering on the 'logid' parameter to prevent malicious SQL commands. [1, 2]
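As an added example of the log monitoring suggested above (not code from the advisory or from PMB), the following Python scans web-server access logs for requests to the download script whose 'logid' value is not a plain integer. It assumes combined log format and that a legitimate logid is numeric, as in the advisory's logid=1 example; the log lines are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample access-log lines (combined log format); not real PMB traffic.
SAMPLE_LOG = """\
10.0.0.5 - - [03/Feb/2026:10:00:01 +0000] "GET /pmb/admin/sauvegarde/download.php?logid=12 HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
10.0.0.5 - - [03/Feb/2026:10:00:07 +0000] "GET /pmb/admin/sauvegarde/download.php?logid=12%27 HTTP/1.1" 500 0 "-" "Mozilla/5.0"
10.0.0.9 - - [03/Feb/2026:10:01:30 +0000] "GET /pmb/admin/sauvegarde/download.php?logid=abc HTTP/1.1" 200 0 "-" "curl/8.0"
10.0.0.7 - - [03/Feb/2026:10:02:00 +0000] "GET /pmb/catalog.php?id=3 HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
"""

# Fields of a combined-format line up to the status code.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)
ENDPOINT = "/admin/sauvegarde/download.php"   # vulnerable script named in the advisory
INT_RE = re.compile(r"\d+")                    # assumption: a legitimate logid is a plain integer


def suspicious_logid_requests(log_text):
    """Return (ip, timestamp, decoded logid, status) for every request to the
    download script whose logid parameter is anything other than a plain integer."""
    hits = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # not a parseable access-log line
        url = urlsplit(m.group("target"))
        if not url.path.endswith(ENDPOINT):
            continue
        # parse_qs percent-decodes once, so logid=12%27 is examined as 12'
        for value in parse_qs(url.query, keep_blank_values=True).get("logid", []):
            if INT_RE.fullmatch(value) is None:
                hits.append((m.group("ip"), m.group("ts"), value, int(m.group("status"))))
    return hits


if __name__ == "__main__":
    for ip, ts, logid, status in suspicious_logid_requests(SAMPLE_LOG):
        print(f"{ts} {ip} logid={logid!r} status={status}")
```

A non-numeric logid paired with a 500 response, as in the second sample line, is a stronger signal than the value alone, since a broken query often surfaces as a server error.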
Can you explain this vulnerability to me?
CVE-2020-37105 is a high-severity SQL injection vulnerability affecting PMB version 5.6 and earlier. It exists in the administration download script at the endpoint /admin/sauvegarde/download.php, specifically through the 'logid' parameter.
Authenticated attackers can exploit this vulnerability by sending crafted requests with manipulated 'logid' values, allowing them to execute arbitrary SQL commands on the backend database.
This flaw requires the attacker to have valid administrative credentials but does not require user interaction and has a low attack complexity. [1, 2]
How can this vulnerability impact me?
This vulnerability allows authenticated attackers to execute arbitrary SQL commands on the backend database, potentially compromising sensitive data.
The impact includes high confidentiality loss, meaning attackers could access or leak sensitive information stored in the database.
The integrity impact is low, so attackers might have limited ability to alter data, and there is no impact on availability.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This SQL injection vulnerability can be detected by sending crafted requests to the vulnerable endpoint and observing if arbitrary SQL commands can be executed through the 'logid' parameter.
A practical way to test this is by using SQL injection testing tools such as sqlmap.
- Use sqlmap with a command like: ./sqlmap.py -u "http://localhost/[PMB_PATH]/admin/sauvegarde/download.php?logid=1" -p logid --headers="Cookie: [VALID_USER_COOKIE]" --passwords
Note that exploitation requires valid administrative authentication, so the request must include valid session cookies or credentials. [2]