Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
gilacms vulnerabilities and exploits
(subscribe to this query)
383
VMScore
CVE-2019-17535
Gila CMS up to and including 1.11.4 allows blog-list.php XSS, in both the gila-blog and gila-mag themes, via the search parameter, a related issue to CVE-2019-9647.
Gilacms Gila Cms
356
VMScore
CVE-2019-17536
Gila CMS up to and including 1.11.4 allows Unrestricted Upload of a File with a Dangerous Type via the moveAction function in core/controllers/fm.php. The attacker needs to use admin/media_upload and fm/move.
Gilacms Gila Cms
NA
CVE-2020-26623
SQL Injection vulnerability discovered in Gila CMS 1.15.4 and previous versions allows a remote malicious user to execute arbitrary web scripts via the Area parameter under the Administration>Widget tab after the login portal.
Gilacms Gila Cms
NA
CVE-2020-26624
A SQL injection vulnerability exists in Gila CMS 1.15.4 and previous versions which allows a remote malicious user to execute arbitrary web scripts via the ID parameter after the login portal.
Gilacms Gila Cms
NA
CVE-2020-26625
A SQL injection vulnerability exists in Gila CMS 1.15.4 and previous versions which allows a remote malicious user to execute arbitrary web scripts via the 'user_id' parameter after the login portal.
Gilacms Gila Cms
386
VMScore
CVE-2019-20803
Gila CMS prior to 1.11.6 has reflected XSS via the admin/content/postcategory id parameter, which is mishandled for g_preview_theme.
Gilacms Gila Cms
608
VMScore
CVE-2019-20804
Gila CMS prior to 1.11.6 allows CSRF with resultant XSS via the admin/themes URI, leading to compromise of the admin account.
Gilacms Gila Cms
405
VMScore
CVE-2019-16679
Gila CMS prior to 1.11.1 allows admin/fm/?f=../ directory traversal, leading to Local File Inclusion.
Gilacms Gila Cms
1 EDB exploit
578
VMScore
CVE-2020-28692
In Gila CMS 1.16.0, an attacker can upload a shell to tmp directy and abuse .htaccess through the logs function for executing PHP files.
Gilacms Gila Cms 1.16.0
1 Github repository
605
VMScore
CVE-2019-11456
Gila CMS 1.10.1 allows fm/save CSRF for executing arbitrary PHP code.
Gilacms Gila Cms 1.10.1
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-3675
CVE-2024-3400
CVE-2024-23557
mass assignment
CVE-2023-1389
local file inclusion
CVE-2024-32596
file upload
CVE-2024-32593
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
NEXT »