Gilacms: >> Gila Cms >> 1.11.4 Security Vulnerabilities
Gila CMS through 1.11.4 allows blog-list.php XSS, in both the gila-blog and gila-mag themes, via the search parameter, a related issue to CVE-2019-9647.
CVSS Score
9.3
EPSS Score
0.003
Published
2019-10-13
Gila CMS through 1.11.4 allows Unrestricted Upload of a File with a Dangerous Type via the moveAction function in core/controllers/fm.php. The attacker needs to use admin/media_upload and fm/move.
CVSS Score
9.9
EPSS Score
0.004
Published
2019-10-13
Page 2