What the vulnerability does
01Description
Gila CMS through 1.11.4 allows Unrestricted Upload of a File with a Dangerous Type via the moveAction function in core/controllers/fm.php. The attacker needs to use admin/media_upload and fm/move.
CVSS base score
CVSS vector
CVSS:3.0/AC:L/AV:N/A:L/C:H/I:H/PR:L/S:C/UI:N
What the vulnerability does
Gila CMS through 1.11.4 allows Unrestricted Upload of a File with a Dangerous Type via the moveAction function in core/controllers/fm.php. The attacker needs to use admin/media_upload and fm/move.
Key dates
External resources