Skip to main content

Gila Cms CVE-2020-5512

MEDIUM
Path Traversal (CWE-22)
2020-01-06 cve@mitre.org
6.8
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
6.8 MEDIUM
AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
High
User Interaction
None
Scope
Changed
Confidentiality
High
Integrity
None
Availability
None

Lifecycle Timeline

1
CVE Published
Jan 06, 2020 - 20:15 nvd
MEDIUM 6.8

DescriptionNVD

Gila CMS 1.11.8 allows /admin/media?path=../ Path Traversal.

AnalysisAI

Gila CMS 1.11.8 allows /admin/media?path=../ Path Traversal. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Technical ContextAI

This vulnerability is classified as Path Traversal (CWE-22), which allows attackers to access files and directories outside the intended path. Affected products include: Gilacms Gila Cms.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Validate and canonicalize file paths. Use chroot or sandboxing. Reject input containing path separators or '../' sequences.

CVE-2020-5514 CRITICAL POC
9.1 Jan 06

Gila CMS 1.11.8 allows Unrestricted Upload of a File with a Dangerous Type via .phar or .phtml to the lzld/thumb?src= UR

CVE-2019-11456 HIGH POC
8.8 Apr 22

Gila CMS 1.10.1 allows fm/save CSRF for executing arbitrary PHP code. Rated high severity (CVSS 8.8), this vulnerability

CVE-2021-37777 HIGH POC
7.5 Oct 04

Gila CMS 2.2.0 is vulnerable to Insecure Direct Object Reference (IDOR). Rated high severity (CVSS 7.5), this vulnerabil

CVE-2020-28692 HIGH POC
7.2 Nov 16

In Gila CMS 1.16.0, an attacker can upload a shell to tmp directy and abuse .htaccess through the logs function for exec

CVE-2020-5515 HIGH POC
7.2 Jan 06

Gila CMS 1.11.8 allows /admin/sql?query= SQL Injection. Rated high severity (CVSS 7.2), this vulnerability is remotely e

CVE-2020-5513 MEDIUM POC
6.8 Jan 06

Gila CMS 1.11.8 allows /cm/delete?t=../ Directory Traversal. Rated medium severity (CVSS 6.8), this vulnerability is rem

CVE-2019-17535 MEDIUM POC
6.1 Oct 13

Gila CMS through 1.11.4 allows blog-list.php XSS, in both the gila-blog and gila-mag themes, via the search parameter, a

CVE-2019-9647 MEDIUM POC
6.1 Jun 05

Gila CMS 1.9.1 has XSS. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication

CVE-2021-39486 MEDIUM POC
5.4 Oct 04

A Stored XSS via Malicious File Upload exists in Gila CMS version 2.2.0. Rated medium severity (CVSS 5.4), this vulnerab

CVE-2019-17536 MEDIUM POC
4.9 Oct 13

Gila CMS through 1.11.4 allows Unrestricted Upload of a File with a Dangerous Type via the moveAction function in core/c

CVE-2019-16679 MEDIUM POC
4.9 Sep 21

Gila CMS before 1.11.1 allows admin/fm/?f=../ directory traversal, leading to Local File Inclusion. Rated medium severit

CVE-2019-11515 MEDIUM POC
4.9 Apr 25

core/classes/db_backup.php in Gila CMS 1.10.1 allows admin/db_backup?download= absolute path traversal to read arbitrary

Share

CVE-2020-5512 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy