CVE-2019-17536

Published October 13th, 2019

View on NVD ↗

CVSS v3

4.9

MEDIUM

CVSS v2

MEDIUM

Affected

PROJECT

Description

Gila CMS through 1.11.4 allows Unrestricted Upload of a File with a Dangerous Type via the moveAction function in core/controllers/fm.php. The attacker needs to use admin/media_upload and fm/move.

GilaCMS/gila

A lightweight and fast CMS system built with PHP

GitHub