5.1 Medium
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
32.2%
Gila CMS through 1.11.4 allows Unrestricted Upload of a File with a Dangerous Type via the moveAction function in core/controllers/fm.php. The attacker needs to use admin/media_upload and fm/move.
github.com/GilaCMS/gila/pull/49
rastating.github.io/gila-cms-upload-filter-bypass-and-rce/