From c920ec76692169a58c697d4d345ad4c27e7b271a Mon Sep 17 00:00:00 2001
From: CVE Team
Date: Mon, 6 Jan 2020 20:01:34 +0000
Subject: [PATCH] "-Synchronized-Data."
---
2014/1xxx/CVE-2014-1850.json | 14 +++---
2014/3xxx/CVE-2014-3743.json | 63 +++++++++++++++++++++++++-
2019/16xxx/CVE-2019-16272.json | 62 ++++++++++++++++++++++++++
2019/16xxx/CVE-2019-16273.json | 62 ++++++++++++++++++++++++++
2019/16xxx/CVE-2019-16274.json | 62 ++++++++++++++++++++++++++
2019/16xxx/CVE-2019-16716.json | 72 ++++++++++++++++++++++++++++++
2019/16xxx/CVE-2019-16717.json | 77 ++++++++++++++++++++++++++++++++
2019/18xxx/CVE-2019-18179.json | 81 ++++++++++++++++++++++++++++++++++
2019/19xxx/CVE-2019-19509.json | 66 ++++++++++++++++++++++++---
2019/19xxx/CVE-2019-19585.json | 61 ++++++++++++++++++++++---
2020/5xxx/CVE-2020-5204.json | 4 +-
2020/5xxx/CVE-2020-5512.json | 56 ++++++++++++++++++++---
2020/5xxx/CVE-2020-5513.json | 61 ++++++++++++++++++++++---
13 files changed, 706 insertions(+), 35 deletions(-)
create mode 100644 2019/16xxx/CVE-2019-16272.json
create mode 100644 2019/16xxx/CVE-2019-16273.json
create mode 100644 2019/16xxx/CVE-2019-16274.json
create mode 100644 2019/16xxx/CVE-2019-16716.json
create mode 100644 2019/16xxx/CVE-2019-16717.json
create mode 100644 2019/18xxx/CVE-2019-18179.json
diff --git a/2014/1xxx/CVE-2014-1850.json b/2014/1xxx/CVE-2014-1850.json
index 06531fa0836..7f69a72cfdc 100644
--- a/2014/1xxx/CVE-2014-1850.json
+++ b/2014/1xxx/CVE-2014-1850.json
@@ -1,17 +1,17 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2014-1850", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2014-1850", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2014-3743. Reason: This candidate is a duplicate of CVE-2014-3743. Notes: All CVE users should reference CVE-2014-3743 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." } ] } diff --git a/2014/3xxx/CVE-2014-3743.json b/2014/3xxx/CVE-2014-3743.json index 6a7a3e7980c..e57ce15d9b2 100644 --- a/2014/3xxx/CVE-2014-3743.json +++ b/2014/3xxx/CVE-2014-3743.json @@ -2,7 +2,7 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2014-3743", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, "data_format": "MITRE", "data_type": "CVE", 
@@ -11,7 +11,66 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Multiple cross-site scripting (XSS) vulnerabilities in the Marked module before 0.3.1 for Node.js allow remote attackers to inject arbitrary web script or HTML via vectors related to (1) gfm codeblocks (language) or (2) javascript url's." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://nodesecurity.io/advisories/marked_multiple_content_injection_vulnerabilities", + "url": "https://nodesecurity.io/advisories/marked_multiple_content_injection_vulnerabilities" + }, + { + "refsource": "MISC", + "name": "http://www.openwall.com/lists/oss-security/2014/05/13/1", + "url": "http://www.openwall.com/lists/oss-security/2014/05/13/1" + }, + { + "refsource": "MISC", + "name": "http://www.openwall.com/lists/oss-security/2014/05/15/2", + "url": "http://www.openwall.com/lists/oss-security/2014/05/15/2" + }, + { + "refsource": "MISC", + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-3743", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-3743" } ] } diff --git a/2019/16xxx/CVE-2019-16272.json b/2019/16xxx/CVE-2019-16272.json new file mode 100644 index 00000000000..f441711a746 --- /dev/null +++ b/2019/16xxx/CVE-2019-16272.json 
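Review bot: The published CVE-2014-3743 record leaves `affects` and `problemtype` at "n/a" even though its description names the product, the fixed version and the weakness class, so tooling that matches on the structured fields will not find this entry. Consider filling them from the description, for example `"product_name": "marked"`, `"version_value": "before 0.3.1"` and a `problemtype` value of `"CWE-79"`. The same placeholders appear in the records added or published for CVE-2019-16272, CVE-2019-16273, CVE-2019-16274, CVE-2019-16716, CVE-2019-16717, CVE-2019-18179, CVE-2019-19509, CVE-2019-19585, CVE-2020-5512 and CVE-2020-5513. The file's closing brace lies outside this hunk.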
@@ -0,0 +1,62 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2019-16272",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "On DTEN D5 and D7 before 1.3.4 devices, factory settings allows for firmware reflash and Android Debug Bridge (adb) enablement."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://www.forescout.com/company/blog/dten-vulnerability/",
+ "url": "https://www.forescout.com/company/blog/dten-vulnerability/"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/16xxx/CVE-2019-16273.json b/2019/16xxx/CVE-2019-16273.json
new file mode 100644
index 00000000000..c3972cef4cd
--- /dev/null
+++ b/2019/16xxx/CVE-2019-16273.json
@@ -0,0 +1,62 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2019-16273",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "DTEN D5 and D7 before 1.3.4 devices allow unauthenticated root shell access through Android Debug Bridge (adb), leading to arbitrary code execution and system administration. Also, this provides a covert ability to capture screen data from the Zoom Client on Windows by executing commands on the Android OS."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://www.forescout.com/company/blog/dten-vulnerability/",
+ "url": "https://www.forescout.com/company/blog/dten-vulnerability/"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/16xxx/CVE-2019-16274.json b/2019/16xxx/CVE-2019-16274.json
new file mode 100644
index 00000000000..d403c36a478
--- /dev/null
+++ b/2019/16xxx/CVE-2019-16274.json
@@ -0,0 +1,62 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2019-16274",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "DTEN D5 before 1.3 and D7 before 1.3 devices transfer customer data files via unencrypted HTTP."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://www.forescout.com/company/blog/dten-vulnerability/",
+ "url": "https://www.forescout.com/company/blog/dten-vulnerability/"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/16xxx/CVE-2019-16716.json b/2019/16xxx/CVE-2019-16716.json
new file mode 100644
index 00000000000..c6397b01280
--- /dev/null
+++ b/2019/16xxx/CVE-2019-16716.json
@@ -0,0 +1,72 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2019-16716",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "OX App Suite through 7.10.2 has Incorrect Access Control."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "FULLDISC",
+ "name": "20200103 Open-Xchange Security Advisory 2020-01-02",
+ "url": "http://seclists.org/fulldisclosure/2020/Jan/7"
+ },
+ {
+ "refsource": "MISC",
+ "name": "http://seclists.org/fulldisclosure/2020/Jan/7",
+ "url": "http://seclists.org/fulldisclosure/2020/Jan/7"
+ },
+ {
+ "refsource": "MISC",
+ "name": "http://packetstormsecurity.com/files/155813/OX-App-Suite-7.10.2-Cross-Site-Scripting-Improper-Access-Control.html",
+ "url": "http://packetstormsecurity.com/files/155813/OX-App-Suite-7.10.2-Cross-Site-Scripting-Improper-Access-Control.html"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/16xxx/CVE-2019-16717.json b/2019/16xxx/CVE-2019-16717.json
new file mode 100644
index 00000000000..ba582a7f22a
--- /dev/null
+++ b/2019/16xxx/CVE-2019-16717.json
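Review bot: In `reference_data` of CVE-2019-16716.json the Full Disclosure post is listed twice, once as `FULLDISC` and once as `MISC`, both with the `url` `http://seclists.org/fulldisclosure/2020/Jan/7`. Dropping the `MISC` copy keeps the labelled entry and avoids double-counting in consumers that key on the URL. The same duplicate pair is present in CVE-2019-16717.json. The description "has Incorrect Access Control" names no component or fixed release, so a reader has to open the advisory to judge exposure; a sentence naming the affected component would help.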
@@ -0,0 +1,77 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2019-16717",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "OX App Suite through 7.10.2 has XSS."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.open-xchange.com/",
+ "refsource": "MISC",
+ "name": "https://www.open-xchange.com/"
+ },
+ {
+ "refsource": "FULLDISC",
+ "name": "20200103 Open-Xchange Security Advisory 2020-01-02",
+ "url": "http://seclists.org/fulldisclosure/2020/Jan/7"
+ },
+ {
+ "refsource": "MISC",
+ "name": "http://seclists.org/fulldisclosure/2020/Jan/7",
+ "url": "http://seclists.org/fulldisclosure/2020/Jan/7"
+ },
+ {
+ "refsource": "MISC",
+ "name": "http://packetstormsecurity.com/files/155813/OX-App-Suite-7.10.2-Cross-Site-Scripting-Improper-Access-Control.html",
+ "url": "http://packetstormsecurity.com/files/155813/OX-App-Suite-7.10.2-Cross-Site-Scripting-Improper-Access-Control.html"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/18xxx/CVE-2019-18179.json b/2019/18xxx/CVE-2019-18179.json
new file mode 100644
index 00000000000..40db3b52a9a
--- /dev/null
+++ b/2019/18xxx/CVE-2019-18179.json
@@ -0,0 +1,81 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2019-18179",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "An issue was discovered in Open Ticket Request System (OTRS) 7.0.x through 7.0.12, and Community Edition 5.0.x through 5.0.38 and 6.0.x through 6.0.23. An attacker who is logged into OTRS as an agent is able to list tickets assigned to other agents, even tickets in a queue where the attacker doesn't have permissions."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://community.otrs.com/security-advisory-2019-14-security-update-for-otrs-framework/",
+ "refsource": "MISC",
+ "name": "https://community.otrs.com/security-advisory-2019-14-security-update-for-otrs-framework/"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[debian-lts-announce] 20200101 [SECURITY] [DLA 2053-1] otrs2 security update",
+ "url": "https://lists.debian.org/debian-lts-announce/2020/01/msg00000.html"
+ }
+ ]
+ },
+ "impact": {
+ "cvss": {
+ "attackComplexity": "LOW",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "NONE",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "NONE",
+ "privilegesRequired": "LOW",
+ "scope": "UNCHANGED",
+ "userInteraction": "REQUIRED",
+ "vectorString": "CVSS:3.0/AC:L/AV:N/A:N/C:L/I:N/PR:L/S:U/UI:R",
+ "version": "3.0"
+ }
+ }
+}
\ No newline at end of file
diff --git a/2019/19xxx/CVE-2019-19509.json b/2019/19xxx/CVE-2019-19509.json
index 371fe2d50b4..99ae104088e 100644
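Review bot: The `vectorString` in the `impact.cvss` object of CVE-2019-18179.json lists its metrics alphabetically (`AC` before `AV`, `A` before `C`) instead of in the order the CVSS v3.0 specification presents them, and consumers that compare vectors as strings or parse them positionally may mishandle it. The conventional form would be `"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N"`. The object also carries no base score or severity value, so every consumer has to compute it. `userInteraction` is `REQUIRED` although the description only mentions a logged-in agent listing tickets; that may be intended, but it is worth confirming against the OTRS advisory.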
--- a/2019/19xxx/CVE-2019-19509.json +++ b/2019/19xxx/CVE-2019-19509.json @@ -1,17 +1,71 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2019-19509", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2019-19509", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An issue was discovered in rConfig 3.9.3. A remote authenticated user can directly execute system commands by sending a GET request to ajaxArchiveFiles.php because the path parameter is passed to the exec function without filtering, which can lead to command execution." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://raw.githubusercontent.com/v1k1ngfr/exploits/master/rconfig_exploit.py?token=", + "refsource": "MISC", + "name": "https://raw.githubusercontent.com/v1k1ngfr/exploits/master/rconfig_exploit.py?token=" + }, + { + "url": "https://github.com/v1k1ngfr", + "refsource": "MISC", + "name": "https://github.com/v1k1ngfr" + }, + { + "refsource": "MISC", + "name": "https://github.com/v1k1ngfr/exploits-rconfig/blob/master/rconfig_CVE-2019-19509.py", + "url": "https://github.com/v1k1ngfr/exploits-rconfig/blob/master/rconfig_CVE-2019-19509.py" } ] } 
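Review bot: The first entry in `reference_data` of CVE-2019-19509.json ends in an empty `?token=` query, which suggests it was copied from a token-protected raw view and may not resolve for readers, and the second entry is a bare account page that does not identify any advisory. Keeping only the third entry and adding a vendor advisory or fix reference, if one exists, would give defenders something stable to act on. The description states the affected version as 3.9.3 but gives no fixed release, so the record does not say whether later versions are exposed. CVE-2019-19585.json has the same `?token=` reference as its first entry.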
diff --git a/2019/19xxx/CVE-2019-19585.json b/2019/19xxx/CVE-2019-19585.json index f65fc133f8b..2536e9a193f 100644 --- a/2019/19xxx/CVE-2019-19585.json +++ b/2019/19xxx/CVE-2019-19585.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2019-19585", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2019-19585", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An issue was discovered in rConfig 3.9.3. The install script updates the /etc/sudoers file for rconfig specific tasks. After an \"rConfig specific Apache configuration\" update, apache has high privileges for some binaries. This can be exploited by an attacker to bypass local security restrictions." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://raw.githubusercontent.com/v1k1ngfr/exploits/master/rconfig_lpe.sh?token=", + "refsource": "MISC", + "name": "https://raw.githubusercontent.com/v1k1ngfr/exploits/master/rconfig_lpe.sh?token=" + }, + { + "refsource": "MISC", + "name": "https://github.com/v1k1ngfr/exploits-rconfig/blob/master/rconfig_lpe.sh", + "url": "https://github.com/v1k1ngfr/exploits-rconfig/blob/master/rconfig_lpe.sh" } ] } 
diff --git a/2020/5xxx/CVE-2020-5204.json b/2020/5xxx/CVE-2020-5204.json index a3393f8b7d5..e0206afe98a 100644 --- a/2020/5xxx/CVE-2020-5204.json +++ b/2020/5xxx/CVE-2020-5204.json @@ -35,7 +35,7 @@ "description_data": [ { "lang": "eng", - "value": "In uftpd before 2.11, there is a buffer overflow vulnerability in handle_PORT in ftpcmd.c that is caused by a buffer that is 16 bytes large being filled via sprintf() with user input based on the format specifier string %d.%d.%d.%d. The 16 byte size is correct for valid IPv4 addresses (len('255.255.255.255') == 16), but the format specifier %d allows more than 3 digits.\n\nThis has been fixed in version 2.11" + "value": "In uftpd before 2.11, there is a buffer overflow vulnerability in handle_PORT in ftpcmd.c that is caused by a buffer that is 16 bytes large being filled via sprintf() with user input based on the format specifier string %d.%d.%d.%d. The 16 byte size is correct for valid IPv4 addresses (len('255.255.255.255') == 16), but the format specifier %d allows more than 3 digits. This has been fixed in version 2.11" } ] }, @@ -85,4 +85,4 @@ "advisory": "GHSA-wrpr-xw7q-9wvq", "discovery": "UNKNOWN" } -} +} \ No newline at end of file diff --git a/2020/5xxx/CVE-2020-5512.json b/2020/5xxx/CVE-2020-5512.json index 1afce0cd8a9..98233b2fab8 100644 --- a/2020/5xxx/CVE-2020-5512.json +++ b/2020/5xxx/CVE-2020-5512.json 
@@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-5512", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-5512", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Gila CMS 1.11.8 allows /admin/media?path=../ Path Traversal." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://infosecdb.wordpress.com/2020/01/05/gilacms-1-11-8-admin-mediapath-directory-traversal/", + "url": "https://infosecdb.wordpress.com/2020/01/05/gilacms-1-11-8-admin-mediapath-directory-traversal/" } ] } diff --git a/2020/5xxx/CVE-2020-5513.json b/2020/5xxx/CVE-2020-5513.json index 4c56a3a4cc5..0a236a3200b 100644 --- a/2020/5xxx/CVE-2020-5513.json +++ b/2020/5xxx/CVE-2020-5513.json 
@@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-5513", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-5513", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Gila CMS 1.11.8 allows /cm/delete?t=../ Directory Traversal." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://gilacms.com/blog", + "refsource": "MISC", + "name": "https://gilacms.com/blog" + }, + { + "refsource": "MISC", + "name": "https://infosecdb.wordpress.com/2020/01/05/gilacms-1-11-8-cm-deletet-lfi-local-file-inclusion-and-rce/", + "url": "https://infosecdb.wordpress.com/2020/01/05/gilacms-1-11-8-cm-deletet-lfi-local-file-inclusion-and-rce/" } ] }