Unrestricted File Upload Vulnerability in Gila CMS 1.11.4

Unrestricted File Upload Vulnerability in Gila CMS 1.11.4

CVE-2019-17536 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N

Gila CMS through 1.11.4 allows Unrestricted Upload of a File with a Dangerous Type via the moveAction function in core/controllers/fm.php. The attacker needs to use admin/media_upload and fm/move.

Learn more about our Cms Pen Testing.