GHSA-43m6-mm77-vrc8

Published: May 24, 2022
Source: github
Github: Not reviewed
CVSS3: 4.9

Description

Gila CMS through 1.11.4 allows Unrestricted Upload of a File with a Dangerous Type via the moveAction function in core/controllers/fm.php. The attacker needs to use admin/media_upload and fm/move.

EPSS

Percentile: 60%
0.00403
Low

4.9 Medium

CVSS3

Weaknesses

CWE-434

Related vulnerabilities

CVSS3: 4.9
nvd
more than 6 years ago

Gila CMS through 1.11.4 allows Unrestricted Upload of a File with a Dangerous Type via the moveAction function in core/controllers/fm.php. The attacker needs to use admin/media_upload and fm/move.
