Note: This project will be discontinued after December 13, 2021.
Product: Gila_cms (Gilacms)

Repositories | Unknown: This might be proprietary software. |
#Vulnerabilities | 25 |

Date | Id | Summary | Products | Score | Patch | Annotated |
---|---|---|---|---|---|---|
2019-10-13 | CVE-2019-17536 | Gila CMS through 1.11.4 allows Unrestricted Upload of a File with a Dangerous Type via the moveAction function in core/controllers/fm.php. The attacker needs to use admin/media_upload and fm/move. | Gila_cms | N/A | ||
2019-10-13 | CVE-2019-17535 | Gila CMS through 1.11.4 allows blog-list.php XSS, in both the gila-blog and gila-mag themes, via the search parameter, a related issue to CVE-2019-9647. | Gila_cms | N/A | ||
2019-09-21 | CVE-2019-16679 | Gila CMS before 1.11.1 allows admin/fm/?f=../ directory traversal, leading to Local File Inclusion. | Gila_cms | N/A | ||
2019-06-05 | CVE-2019-9647 | Gila CMS 1.9.1 has XSS. | Gila_cms | 6.1 | ||
2019-04-25 | CVE-2019-11515 | core/classes/db_backup.php in Gila CMS 1.10.1 allows admin/db_backup?download= absolute path traversal to read arbitrary files. | Gila_cms | 4.9 | ||
2019-04-22 | CVE-2019-11456 | Gila CMS 1.10.1 allows fm/save CSRF for executing arbitrary PHP code. | Gila_cms | 8.8 |