Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
gila cms vulnerabilities and exploits
(subscribe to this query)
4
CVSSv2
CVE-2019-11515
core/classes/db_backup.php in Gila CMS 1.10.1 allows admin/db_backup?download= absolute path traversal to read arbitrary files.
Gilacms Gila Cms 1.10.1
NA
CVE-2020-20523
Cross Site Scripting (XSS) vulnerability in adm_user parameter in Gila CMS version 1.11.3, allows remote malicious users to execute arbitrary code during the Gila CMS installation.
Gilacms Gila Cms 1.11.3
6.5
CVSSv2
CVE-2020-20692
GilaCMS v1.11.4 exists to contain a SQL injection vulnerability via the $_GET parameter in /src/core/controllers/cm.php.
Gilacms Gila Cms 1.11.4
6.8
CVSSv2
CVE-2020-20693
A Cross-Site Request Forgery (CSRF) in GilaCMS v1.11.4 allows authenticated malicious users to arbitrarily add administrator accounts.
Gilacms Gila Cms 1.11.4
3.5
CVSSv2
CVE-2020-20695
A stored cross-site scripting (XSS) vulnerability in GilaCMS v1.11.4 allows malicious users to execute arbitrary web scripts or HTML via a crafted SVG file.
Gilacms Gila Cms 1.11.4
3.5
CVSSv2
CVE-2020-20696
A cross-site scripting (XSS) vulnerability in /admin/content/post of GilaCMS v1.11.4 allows malicious users to execute arbitrary web scripts or HTML via a crafted payload in the Tags field.
Gilacms Gila Cms 1.11.4
NA
CVE-2020-20726
Cross Site Request Forgery vulnerability in Gila GilaCMS v.1.11.4 allows a remote malicious user to execute arbitrary code via the cm/update_rows/user parameter.
Gilacms Gila Cms 1.11.4
6.8
CVSSv2
CVE-2020-5512
Gila CMS 1.11.8 allows /admin/media?path=../ Path Traversal.
Gilacms Gila Cms 1.11.8
9
CVSSv2
CVE-2020-5514
Gila CMS 1.11.8 allows Unrestricted Upload of a File with a Dangerous Type via .phar or .phtml to the lzld/thumb?src= URI.
Gilacms Gila Cms 1.11.8
6.5
CVSSv2
CVE-2020-5515
Gila CMS 1.11.8 allows /admin/sql?query= SQL Injection.
Gilacms Gila Cms 1.11.8
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-37316
firmware
CVE-2024-30078
CVE-2024-5995
remote code execution
logic flaw
CVE-2024-20693
CVE-2024-37315
CVE-2024-5464
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
NEXT »