Product: Gila_cms (Gilacms)

Repositories: Unknown. This might be proprietary software.

#Vulnerabilities 25
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2024-01-02 | CVE-2020-26624 | A SQL injection vulnerability was discovered in Gila CMS 1.15.4 and earlier which allows a remote attacker to execute arbitrary web scripts via the ID parameter after the login portal. | Gila_cms | 3.8 | | |
| 2024-01-02 | CVE-2020-26623 | SQL Injection vulnerability discovered in Gila CMS 1.15.4 and earlier allows a remote attacker to execute arbitrary web scripts via the Area parameter under the Administration>Widget tab after the login portal. | Gila_cms | 3.8 | | |
| 2024-01-02 | CVE-2020-26625 | A SQL injection vulnerability was discovered in Gila CMS 1.15.4 and earlier which allows a remote attacker to execute arbitrary web scripts via the 'user_id' parameter after the login portal. | Gila_cms | 3.8 | | |
| 2023-06-20 | CVE-2020-20726 | Cross Site Request Forgery vulnerability in Gila GilaCMS v.1.11.4 allows a remote attacker to execute arbitrary code via the cm/update_rows/user parameter. | Gila_cms | 8.8 | | |
| 2020-01-06 | CVE-2020-5514 | Gila CMS 1.11.8 allows Unrestricted Upload of a File with a Dangerous Type via .phar or .phtml to the lzld/thumb?src= URI. | Gila_cms | 9.1 | | |
| 2020-01-06 | CVE-2020-5515 | Gila CMS 1.11.8 allows /admin/sql?query= SQL Injection. | Gila_cms | 7.2 | | |
| 2020-01-06 | CVE-2020-5512 | Gila CMS 1.11.8 allows /admin/media?path=../ Path Traversal. | Gila_cms | 6.8 | | |
| 2020-01-06 | CVE-2020-5513 | Gila CMS 1.11.8 allows /cm/delete?t=../ Directory Traversal. | Gila_cms | 6.8 | | |
| 2020-11-16 | CVE-2020-28692 | In Gila CMS 1.16.0, an attacker can upload a shell to tmp directory and abuse .htaccess through the logs function for executing PHP files. | Gila_cms | 7.2 | | |
| 2021-09-27 | CVE-2020-20692 | GilaCMS v1.11.4 was discovered to contain a SQL injection vulnerability via the $_GET parameter in /src/core/controllers/cm.php. | Gila_cms | 7.2 | | |