2 matches found
CVE-2019-11515
core/classes/dbbackup.php in Gila CMS 1.10.1 allows admin/dbbackup?download= absolute path traversal to read arbitrary files...
CVE-2019-11515
Gila CMS 1.10.1 is affected by CVE-2019-11515 where core/classes/db_backup.php allows absolute path traversal via admin/db_backup?download=, enabling reading arbitrary files. This is documented across multiple sources (NVD/RH/NVD mirror/CVE lists). The root cause is a path traversal in the backup...