CVE Daily

CVE-2020-5514

Gila CMS 1.11.8 allows Unrestricted Upload of a File with a Dangerous Type via ...

Critical CVSS 9.1

Overview

Gila CMS 1.11.8 allows Unrestricted Upload of a File with a Dangerous Type via .phar or .phtml to the lzld/thumb?src= URI.

CWE: CWE-434 Published: 2020-01-06T19:15:11.577
Risk analysis

This vulnerability is rated 🔴 CRITICAL.

  • CVSS: 9.1 (CRITICAL)
  • Detected tags: none (tag impact: LOW)

Recommended actions:

  • Prioritize remediation based on business criticality and exposure.
  • Limit exposure and increase monitoring until fixed.

Recommended tools

Tags