Product:

Gila_cms

(Gilacms)
Repositories

Unknown:

This might be proprietary software.

#Vulnerabilities 25
Date Id Summary Products Score Patch Annotated
2019-10-13 CVE-2019-17536 Gila CMS through 1.11.4 allows Unrestricted Upload of a File with a Dangerous Type via the moveAction function in core/controllers/fm.php. The attacker needs to use admin/media_upload and fm/move. Gila_cms N/A
2019-10-13 CVE-2019-17535 Gila CMS through 1.11.4 allows blog-list.php XSS, in both the gila-blog and gila-mag themes, via the search parameter, a related issue to CVE-2019-9647. Gila_cms N/A
2019-09-21 CVE-2019-16679 Gila CMS before 1.11.1 allows admin/fm/?f=../ directory traversal, leading to Local File Inclusion. Gila_cms N/A
2019-06-05 CVE-2019-9647 Gila CMS 1.9.1 has XSS. Gila_cms 6.1
2019-04-25 CVE-2019-11515 core/classes/db_backup.php in Gila CMS 1.10.1 allows admin/db_backup?download= absolute path traversal to read arbitrary files. Gila_cms 4.9
2019-04-22 CVE-2019-11456 Gila CMS 1.10.1 allows fm/save CSRF for executing arbitrary PHP code. Gila_cms 8.8