Unrestricted File Upload Vulnerability in Gila CMS 1.11.4
CVE-2019-17536 · MEDIUM Severity
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N
Gila CMS through 1.11.4 allows Unrestricted Upload of a File with a Dangerous Type via the moveAction function in core/controllers/fm.php. The attacker needs to use admin/media_upload and fm/move.
Learn more about our Cms Pen Testing.