CVE-2020-28692: Malicious File Upload
First published: Mon Nov 16 2020(Updated: )
In Gila CMS 1.16.0, an attacker can upload a shell to tmp directy and abuse .htaccess through the logs function for executing PHP files.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Tina Tinacms | =1.16.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2020-28692?
CVE-2020-28692 is a vulnerability in Gila CMS 1.16.0, which allows an attacker to upload a shell to the tmp directory and abuse .htaccess through the logs function to execute PHP files.
How severe is CVE-2020-28692?
CVE-2020-28692 has a severity rating of 7.2, which is considered high.
How can an attacker exploit CVE-2020-28692?
An attacker can exploit CVE-2020-28692 by uploading a shell to the tmp directory and abusing .htaccess through the logs function to execute PHP files.
What is the affected software version?
The affected software version is Gila CMS 1.16.0.
Is there a workaround or fix for CVE-2020-28692?
To mitigate CVE-2020-28692, it is recommended to update to a patched version of Gila CMS or apply any available security patches provided by the vendor.
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/author
- agent/references
- agent/last-modified-date
- agent/weakness
- agent/severity
- agent/description
- agent/first-publish-date
- agent/event
- agent/source
- agent/tags
- agent/softwarecombine
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/gilacms
- canonical/tina tinacms
- version/tina tinacms/1.16.0