Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
gilacms vulnerabilities and exploits
(subscribe to this query)
4
CVSSv2
CVE-2019-17536
Gila CMS up to and including 1.11.4 allows Unrestricted Upload of a File with a Dangerous Type via the moveAction function in core/controllers/fm.php. The attacker needs to use admin/media_upload and fm/move.
Gilacms Gila Cms
4.3
CVSSv2
CVE-2019-17535
Gila CMS up to and including 1.11.4 allows blog-list.php XSS, in both the gila-blog and gila-mag themes, via the search parameter, a related issue to CVE-2019-9647.
Gilacms Gila Cms
4.3
CVSSv2
CVE-2019-20803
Gila CMS prior to 1.11.6 has reflected XSS via the admin/content/postcategory id parameter, which is mishandled for g_preview_theme.
Gilacms Gila Cms
6.8
CVSSv2
CVE-2019-20804
Gila CMS prior to 1.11.6 allows CSRF with resultant XSS via the admin/themes URI, leading to compromise of the admin account.
Gilacms Gila Cms
4
CVSSv2
CVE-2019-16679
Gila CMS prior to 1.11.1 allows admin/fm/?f=../ directory traversal, leading to Local File Inclusion.
Gilacms Gila Cms
1 EDB exploit
NA
CVE-2020-26623
SQL Injection vulnerability discovered in Gila CMS 1.15.4 and previous versions allows a remote malicious user to execute arbitrary web scripts via the Area parameter under the Administration>Widget tab after the login portal.
Gilacms Gila Cms
NA
CVE-2020-26624
A SQL injection vulnerability exists in Gila CMS 1.15.4 and previous versions which allows a remote malicious user to execute arbitrary web scripts via the ID parameter after the login portal.
Gilacms Gila Cms
NA
CVE-2020-26625
A SQL injection vulnerability exists in Gila CMS 1.15.4 and previous versions which allows a remote malicious user to execute arbitrary web scripts via the 'user_id' parameter after the login portal.
Gilacms Gila Cms
6.8
CVSSv2
CVE-2020-5512
Gila CMS 1.11.8 allows /admin/media?path=../ Path Traversal.
Gilacms Gila Cms 1.11.8
6.5
CVSSv2
CVE-2020-5515
Gila CMS 1.11.8 allows /admin/sql?query= SQL Injection.
Gilacms Gila Cms 1.11.8
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-3400
CVE-2023-7252
CVE-2024-21111
denial of service
CVE-2024-29661
CVE-2024-22856
remote attackers
encryption
CVE-2023-38299
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
NEXT »