mirror of
https://github.com/0xMarcio/cve.git
synced 2025-05-28 09:12:08 +00:00
755 B
755 B
CVE-2019-17536
Description
Gila CMS through 1.11.4 allows Unrestricted Upload of a File with a Dangerous Type via the moveAction function in core/controllers/fm.php. The attacker needs to use admin/media_upload and fm/move.
POC
Reference
- https://rastating.github.io/gila-cms-upload-filter-bypass-and-rce/
- https://rastating.github.io/gila-cms-upload-filter-bypass-and-rce/
Github
No PoCs found on GitHub currently.