CVE-2020-551306.01.2020, 20:15Gila CMS 1.11.8 allows /cm/delete?t=../ Directory Traversal.Path TraversalEnginsightSeverityMEDIUMCVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:NAtk. VectorNETWORKAtk. ComplexityLOWPriv. RequiredHIGHBase ScoreCVSS 3.xEPSS ScorePercentile: 83%VendorProductVersiongilacmsgila_cms1.11.8𝑥= Vulnerable software versionsKnown Exploits!https://infosecdb.wordpress.com/2020/01/05/gilacms-1-11-8-cm-deletet-lfi-local-file-inclusion-and-rce/Common Weakness EnumerationCWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')The software uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the software does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.Referenceshttps://gilacms.com/bloghttps://infosecdb.wordpress.com/2020/01/05/gilacms-1-11-8-cm-deletet-lfi-local-file-inclusion-and-rce/