SB2020010705 - Multiple vulnerabilities in Gila CMS
Published: January 7, 2020 Updated: January 29, 2020
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 4 secuirty vulnerabilities.
1) SQL injection (CVE-ID: CVE-2020-5515)
The vulnerability allows a remote attacker to execute arbitrary SQL queries in database.
The vulnerability exists due to insufficient sanitization of user-supplied data in "/admin/sql?query=". A remote authenticated attacker can send a specially crafted request to the affected application and execute arbitrary SQL commands within the application database.
Successful exploitation of this vulnerability may allow a remote attacker to read, delete, modify data in database and gain complete control over the affected application.
2) Code Injection (CVE-ID: CVE-2020-5514)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to improper input validation in the "lzld/thumb?src=" URI. A remote authenticated attacker can send a specially crafted request and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
3) Path traversal (CVE-ID: CVE-2020-5513)
The vulnerability allows a remote attacker to perform directory traversal attacks.
The vulnerability exists due to input validation error when processing directory traversal sequences in "/cm/delete?t=". A remote authenticated attacker can send a specially crafted HTTP request and execute arbitrary code on the target system.
4) Path traversal (CVE-ID: CVE-2020-5512)
The vulnerability allows a remote attacker to perform directory traversal attacks.
The vulnerability exists due to input validation error when processing directory traversal sequences in "/admin/media?path=". A remote authenticated attacker can send a specially crafted HTTP request and read arbitrary files on the system.
Remediation
Install update from vendor's website.
References
- https://infosecdb.wordpress.com/2020/01/05/gilacms-1-11-8-admin-sqlquery-sql-injection/
- https://infosecdb.wordpress.com/2020/01/05/gilacms-1-11-8-remote-code-execution/
- https://gilacms.com/blog
- https://infosecdb.wordpress.com/2020/01/05/gilacms-1-11-8-cm-deletet-lfi-local-file-inclusion-and-rce/
- https://infosecdb.wordpress.com/2020/01/05/gilacms-1-11-8-admin-mediapath-directory-traversal/