Lokeshkumarv

**Name of the Vulnerable Software and Affected Versions** Gila CMS version 1.11.8 **Description** The issue allows for path traversal via the /admin/media endpoint. Specifically, the "path" parameter in the /admin/media?path=../ endpoint is vulnerable, allowing an attacker to traverse the directory structure. **Recommendations** For Gila CMS version 1.11.8, consider restricting access to the /admin/media endpoint until a patch is available. As a temporary workaround, avoid using the `path` parameter in the affected endpoint to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Gila CMS version 1.11.8 **Description** The issue allows for directory traversal via the /cm/delete API endpoint with the `t` parameter. This could potentially lead to unauthorized access to sensitive files. **Recommendations** For Gila CMS version 1.11.8, consider restricting access to the /cm/delete API endpoint until a patch is available. As a temporary workaround, avoid using the `t` parameter in the /cm/delete endpoint to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Gila CMS version 1.11.8 **Description** The issue allows for SQL Injection through the `/admin/sql` endpoint with a `query` parameter. This can potentially lead to unauthorized access or manipulation of database content. **Recommendations** For Gila CMS version 1.11.8, avoid using the `/admin/sql` endpoint with the `query` parameter until a patch is available. As a temporary workaround, consider restricting access to the `/admin/sql` endpoint to minimize the risk of exploitation.