Description
Gila CMS 1.11.8 allows Unrestricted Upload of a File with a Dangerous Type via .phar or .phtml to the lzld/thumb?src= URI.
References (1)
Core References
Exploit, Third Party Advisory x_refsource_misc
https://infosecdb.wordpress.com/2020/01/05/gilacms-1-11-8-remote-code-execution/
Scores
CVSS v3: 9.1
EPSS: 0.0079
EPSS Percentile: 74.0%
Attack Vector: NETWORK
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
Details
CWE: CWE-434
Status: published
Products (1): gilacms/gila_cms 1.11.8
Published: Jan 06, 2020
Tracked Since: Feb 18, 2026