Gilacms: Gila CMS Security Vulnerabilities
Gila CMS through 1.11.4 allows Unrestricted Upload of a File with a Dangerous Type via the moveAction function in core/controllers/fm.php. The attacker needs to use admin/media_upload and fm/move.
CVSS Score: 9.9 | EPSS Score: 0.004 | Published: 2019-10-13
Gila CMS before 1.11.1 allows admin/fm/?f=../ directory traversal, leading to Local File Inclusion.
CVSS Score: 4.9 | EPSS Score: 0.025 | Published: 2019-09-21
Gila CMS 1.9.1 has XSS.
CVSS Score: 6.1 | EPSS Score: 0.014 | Published: 2019-06-05
core/classes/db_backup.php in Gila CMS 1.10.1 allows admin/db_backup?download= absolute path traversal to read arbitrary files.
CVSS Score: 4.9 | EPSS Score: 0.004 | Published: 2019-04-25
Gila CMS 1.10.1 allows fm/save CSRF for executing arbitrary PHP code.
CVSS Score: 8.8 | EPSS Score: 0.001 | Published: 2019-04-22

