PT-2020-18489 · Gila · Gila Cms

Lokeshkumarv

Published

2020-01-06

Updated

2020-01-08

CVE-2020-5512

CVSS v2.0

6.8

Medium

Vector

AV:N/AC:L/Au:S/C:C/I:N/A:N

Name of the Vulnerable Software and Affected Versions Gila CMS version 1.11.8

Description The issue allows for path traversal via the /admin/media endpoint. Specifically, the "path" parameter in the /admin/media?path=../ endpoint is vulnerable, allowing an attacker to traverse the directory structure.

Recommendations For Gila CMS version 1.11.8, consider restricting access to the /admin/media endpoint until a patch is available. As a temporary workaround, avoid using the path parameter in the affected endpoint to minimize the risk of exploitation.

Exploit

Fix

Path traversal

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-22

Related Identifiers

CVE-2020-5512

Affected Products

Gila Cms

PT-2020-18489 · Gila · Gila Cms

CVE-2020-5512

Weakness Enumeration

Related Identifiers

Affected Products

References · 3