PT-2020-18491 · Gila · Gila Cms
Published
2020-01-06
·
Updated
2020-01-09
·
CVE-2020-5514
CVSS v3.1
9.1
Critical
| Vector | AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Gila CMS version 1.11.8
Description
The issue allows for the unrestricted upload of a file with a dangerous type via
.phar or .phtml to the /lzld/thumb?src= API endpoint. This could potentially lead to security risks.Recommendations
For Gila CMS version 1.11.8, restrict access to the
/lzld/thumb?src= API endpoint to prevent the upload of malicious files until a fix is available. Consider implementing file type validation and restrictions to mitigate the risk of exploitation.Exploit
Fix
Unrestricted File Upload
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Gila Cms