gila cms vulnerabilities and exploits
4.3
CVSSv2
CVE-2019-17535
Gila CMS up to and including 1.11.4 allows blog-list.php XSS, in both the gila-blog and gila-mag themes, via the search parameter, a related issue to CVE-2019-9647.
Gilacms Gila Cms
4
CVSSv2
CVE-2019-17536
Gila CMS up to and including 1.11.4 allows Unrestricted Upload of a File with a Dangerous Type via the moveAction function in core/controllers/fm.php. The attacker needs to use admin/media_upload and fm/move.
Gilacms Gila Cms
NA
CVE-2020-26623
SQL Injection vulnerability discovered in Gila CMS 1.15.4 and previous versions allows a remote malicious user to execute arbitrary web scripts via the Area parameter under the Administration>Widget tab after the login portal.
Gilacms Gila Cms
NA
CVE-2020-26624
A SQL injection vulnerability exists in Gila CMS 1.15.4 and previous versions which allows a remote malicious user to execute arbitrary web scripts via the ID parameter after the login portal.
Gilacms Gila Cms
NA
CVE-2020-26625
A SQL injection vulnerability exists in Gila CMS 1.15.4 and previous versions which allows a remote malicious user to execute arbitrary web scripts via the 'user_id' parameter after the login portal.
Gilacms Gila Cms
6.8
CVSSv2
CVE-2019-20804
Gila CMS prior to 1.11.6 allows CSRF with resultant XSS via the admin/themes URI, leading to compromise of the admin account.
Gilacms Gila Cms
4.3
CVSSv2
CVE-2019-20803
Gila CMS prior to 1.11.6 has reflected XSS via the admin/content/postcategory id parameter, which is mishandled for g_preview_theme.
Gilacms Gila Cms
4
CVSSv2
CVE-2019-16679
Gila CMS prior to 1.11.1 allows admin/fm/?f=../ directory traversal, leading to Local File Inclusion.
Gilacms Gila Cms
1 EDB exploit
6.8
CVSSv2
CVE-2020-5512
Gila CMS 1.11.8 allows /admin/media?path=../ Path Traversal.
Gilacms Gila Cms 1.11.8
6.5
CVSSv2
CVE-2020-20692
GilaCMS v1.11.4 contains a SQL injection vulnerability via the $_GET parameter in /src/core/controllers/cm.php.
Gilacms Gila Cms 1.11.4