Vulnerability Details : CVE-2020-5514
Potential exploit
Gila CMS 1.11.8 allows Unrestricted Upload of a File with a Dangerous Type via .phar or .phtml to the lzld/thumb?src= URI.
Products affected by CVE-2020-5514
- cpe:2.3:a:gilacms:gila_cms:1.11.8:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2020-5514
0.47%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 75 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2020-5514
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
9.0
|
HIGH | AV:N/AC:L/Au:S/C:C/I:C/A:C |
8.0
|
10.0
|
NIST | |
9.1
|
CRITICAL | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H |
2.3
|
6.0
|
NIST |
CWE ids for CVE-2020-5514
-
The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.Assigned by: nvd@nist.gov (Primary)
References for CVE-2020-5514
-
https://infosecdb.wordpress.com/2020/01/05/gilacms-1-11-8-remote-code-execution/
GilaCMS 1.11.8 – Remote Code Execution – InfoSecDBExploit;Third Party Advisory
Jump to