Product: Gila_cms (Gilacms)

Repositories: Unknown. This might be proprietary software.

#Vulnerabilities 25
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2021-10-04 | CVE-2021-39486 | A Stored XSS via Malicious File Upload exists in Gila CMS version 2.2.0. An attacker can use this to steal cookies, passwords or to run arbitrary code on a victim's browser. | Gila_cms | 5.4 | | |
| 2021-09-27 | CVE-2020-20692 | GilaCMS v1.11.4 was discovered to contain a SQL injection vulnerability via the $_GET parameter in /src/core/controllers/cm.php. | Gila_cms | 7.2 | | |
| 2021-09-27 | CVE-2020-20693 | A Cross-Site Request Forgery (CSRF) in GilaCMS v1.11.4 allows authenticated attackers to arbitrarily add administrator accounts. | Gila_cms | 8.8 | | |
| 2021-09-27 | CVE-2020-20695 | A stored cross-site scripting (XSS) vulnerability in GilaCMS v1.11.4 allows attackers to execute arbitrary web scripts or HTML via a crafted SVG file. | Gila_cms | 5.4 | | |
| 2021-09-27 | CVE-2020-20696 | A cross-site scripting (XSS) vulnerability in /admin/content/post of GilaCMS v1.11.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the Tags field. | Gila_cms | 5.4 | | |
| 2020-11-16 | CVE-2020-28692 | In Gila CMS 1.16.0, an attacker can upload a shell to tmp directory and abuse .htaccess through the logs function for executing PHP files. | Gila_cms | 7.2 | | |
| 2020-01-06 | CVE-2020-5514 | Gila CMS 1.11.8 allows Unrestricted Upload of a File with a Dangerous Type via .phar or .phtml to the lzld/thumb?src= URI. | Gila_cms | N/A | | |
| 2020-01-06 | CVE-2020-5513 | Gila CMS 1.11.8 allows /cm/delete?t=../ Directory Traversal. | Gila_cms | N/A | | |
| 2020-01-06 | CVE-2020-5512 | Gila CMS 1.11.8 allows /admin/media?path=../ Path Traversal. | Gila_cms | N/A | | |
| 2019-10-13 | CVE-2019-17536 | Gila CMS through 1.11.4 allows Unrestricted Upload of a File with a Dangerous Type via the moveAction function in core/controllers/fm.php. The attacker needs to use admin/media_upload and fm/move. | Gila_cms | N/A | | |