Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
gilacms gila cms vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2020-26624
A SQL injection vulnerability exists in Gila CMS 1.15.4 and previous versions which allows a remote malicious user to execute arbitrary web scripts via the ID parameter after the login portal.
Gilacms Gila Cms
4
CVSSv2
CVE-2019-16679
Gila CMS prior to 1.11.1 allows admin/fm/?f=../ directory traversal, leading to Local File Inclusion.
Gilacms Gila Cms
1 EDB exploit
4.3
CVSSv2
CVE-2019-20803
Gila CMS prior to 1.11.6 has reflected XSS via the admin/content/postcategory id parameter, which is mishandled for g_preview_theme.
Gilacms Gila Cms
4.3
CVSSv2
CVE-2019-17535
Gila CMS up to and including 1.11.4 allows blog-list.php XSS, in both the gila-blog and gila-mag themes, via the search parameter, a related issue to CVE-2019-9647.
Gilacms Gila Cms
4
CVSSv2
CVE-2019-17536
Gila CMS up to and including 1.11.4 allows Unrestricted Upload of a File with a Dangerous Type via the moveAction function in core/controllers/fm.php. The attacker needs to use admin/media_upload and fm/move.
Gilacms Gila Cms
6.8
CVSSv2
CVE-2019-20804
Gila CMS prior to 1.11.6 allows CSRF with resultant XSS via the admin/themes URI, leading to compromise of the admin account.
Gilacms Gila Cms
NA
CVE-2020-26623
SQL Injection vulnerability discovered in Gila CMS 1.15.4 and previous versions allows a remote malicious user to execute arbitrary web scripts via the Area parameter under the Administration>Widget tab after the login portal.
Gilacms Gila Cms
NA
CVE-2020-26625
A SQL injection vulnerability exists in Gila CMS 1.15.4 and previous versions which allows a remote malicious user to execute arbitrary web scripts via the 'user_id' parameter after the login portal.
Gilacms Gila Cms
6.8
CVSSv2
CVE-2020-5513
Gila CMS 1.11.8 allows /cm/delete?t=../ Directory Traversal.
Gilacms Gila Cms 1.11.8
9
CVSSv2
CVE-2020-5514
Gila CMS 1.11.8 allows Unrestricted Upload of a File with a Dangerous Type via .phar or .phtml to the lzld/thumb?src= URI.
Gilacms Gila Cms 1.11.8
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-49333
CVE-2024-33901
CVE-2024-36001
CVE-2024-2835
firewall
XPath injection
authentication bypass
CVE-2024-22120
CVE-2024-32002
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
NEXT »