CVE-2019-17536

Name of the Vulnerable Software and Affected Versions Gila CMS versions prior to 1.11.5

Description The issue allows an attacker to upload a file with a dangerous type via the moveAction function in core/controllers/fm.php. This can be achieved by using the admin/media upload and fm/move endpoints.

Recommendations For versions prior to 1.11.5, update to version 1.11.5 or later to resolve the issue. As a temporary workaround, consider restricting access to the moveAction function in core/controllers/fm.php to minimize the risk of exploitation. Avoid using the admin/media upload and fm/move endpoints until the issue is resolved.