Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
gilacms vulnerabilities and exploits
(subscribe to this query)
3.5
CVSSv2
CVE-2020-20696
A cross-site scripting (XSS) vulnerability in /admin/content/post of GilaCMS v1.11.4 allows malicious users to execute arbitrary web scripts or HTML via a crafted payload in the Tags field.
Gilacms Gila Cms 1.11.4
6.5
CVSSv2
CVE-2020-28692
In Gila CMS 1.16.0, an attacker can upload a shell to tmp directy and abuse .htaccess through the logs function for executing PHP files.
Gilacms Gila Cms 1.16.0
1 Github repository
6.8
CVSSv2
CVE-2019-20804
Gila CMS prior to 1.11.6 allows CSRF with resultant XSS via the admin/themes URI, leading to compromise of the admin account.
Gilacms Gila Cms
4.3
CVSSv2
CVE-2019-20803
Gila CMS prior to 1.11.6 has reflected XSS via the admin/content/postcategory id parameter, which is mishandled for g_preview_theme.
Gilacms Gila Cms
6.8
CVSSv2
CVE-2020-5512
Gila CMS 1.11.8 allows /admin/media?path=../ Path Traversal.
Gilacms Gila Cms 1.11.8
6.8
CVSSv2
CVE-2020-5513
Gila CMS 1.11.8 allows /cm/delete?t=../ Directory Traversal.
Gilacms Gila Cms 1.11.8
9
CVSSv2
CVE-2020-5514
Gila CMS 1.11.8 allows Unrestricted Upload of a File with a Dangerous Type via .phar or .phtml to the lzld/thumb?src= URI.
Gilacms Gila Cms 1.11.8
6.5
CVSSv2
CVE-2020-5515
Gila CMS 1.11.8 allows /admin/sql?query= SQL Injection.
Gilacms Gila Cms 1.11.8
4.3
CVSSv2
CVE-2019-17535
Gila CMS up to and including 1.11.4 allows blog-list.php XSS, in both the gila-blog and gila-mag themes, via the search parameter, a related issue to CVE-2019-9647.
Gilacms Gila Cms
4
CVSSv2
CVE-2019-17536
Gila CMS up to and including 1.11.4 allows Unrestricted Upload of a File with a Dangerous Type via the moveAction function in core/controllers/fm.php. The attacker needs to use admin/media_upload and fm/move.
Gilacms Gila Cms
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2022-48693
CVE-2024-30851
CVE-2024-34460
CVE-2024-2887
local
CVE-2024-27956
remote code execution
CVE-2024-34475
privilege
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
NEXT »