Gila CMS through 1.11.4 allows Unrestricted Upload of a File with a Dangerous Type via the moveAction function in core/controllers/fm.php. The attacker needs to use admin/media_upload and fm/move.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2019-10-13T17:52:39
Updated: 2024-08-05T01:40:15.793Z
Reserved: 2019-10-13T00:00:00
Link: CVE-2019-17536
Vulnrichment
No data.
NVD
Status : Analyzed
Published: 2019-10-13T18:15:10.473
Modified: 2019-10-17T20:21:39.157
Link: CVE-2019-17536
Redhat
No data.