Note: This project will be discontinued after December 13, 2021.
Product: Gila_cms (Gilacms)

Repositories | Unknown: This might be proprietary software. |
#Vulnerabilities | 25 |

Date | Id | Summary | Products | Score | Patch | Annotated |
---|---|---|---|---|---|---|
2023-06-20 | CVE-2020-20726 | Cross Site Request Forgery vulnerability in Gila GilaCMS v.1.11.4 allows a remote attacker to execute arbitrary code via the cm/update_rows/user parameter. | Gila_cms | 8.8 | ||
2020-01-06 | CVE-2020-5514 | Gila CMS 1.11.8 allows Unrestricted Upload of a File with a Dangerous Type via .phar or .phtml to the lzld/thumb?src= URI. | Gila_cms | 9.1 | ||
2020-01-06 | CVE-2020-5515 | Gila CMS 1.11.8 allows /admin/sql?query= SQL Injection. | Gila_cms | 7.2 | ||
2020-01-06 | CVE-2020-5512 | Gila CMS 1.11.8 allows /admin/media?path=../ Path Traversal. | Gila_cms | 6.8 | ||
2020-01-06 | CVE-2020-5513 | Gila CMS 1.11.8 allows /cm/delete?t=../ Directory Traversal. | Gila_cms | 6.8 | ||
2020-11-16 | CVE-2020-28692 | In Gila CMS 1.16.0, an attacker can upload a shell to the tmp directory and abuse .htaccess through the logs function for executing PHP files. | Gila_cms | 7.2 | ||
2021-09-27 | CVE-2020-20692 | GilaCMS v1.11.4 was discovered to contain a SQL injection vulnerability via the $_GET parameter in /src/core/controllers/cm.php. | Gila_cms | 7.2 | ||
2021-09-27 | CVE-2020-20693 | A Cross-Site Request Forgery (CSRF) in GilaCMS v1.11.4 allows authenticated attackers to arbitrarily add administrator accounts. | Gila_cms | 8.8 | ||
2021-09-27 | CVE-2020-20695 | A stored cross-site scripting (XSS) vulnerability in GilaCMS v1.11.4 allows attackers to execute arbitrary web scripts or HTML via a crafted SVG file. | Gila_cms | 5.4 | ||
2021-09-27 | CVE-2020-20696 | A cross-site scripting (XSS) vulnerability in /admin/content/post of GilaCMS v1.11.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the Tags field. | Gila_cms | 5.4 | ||