Vulnerabilities (CVE)

Filtered by vendor: Gilacms
Total: 13 CVEs
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3
CVE-2020-28692 | 1 (Gilacms) | 1 (Gila Cms) | 2020-11-30 | 6.5 MEDIUM | 7.2 HIGH
In Gila CMS 1.16.0, an attacker can upload a shell to the tmp directory and abuse .htaccess through the logs function for executing PHP files.
CVE-2019-20803 | 1 (Gilacms) | 1 (Gila Cms) | 2020-06-23 | 4.3 MEDIUM | 6.1 MEDIUM
Gila CMS before 1.11.6 has reflected XSS via the admin/content/postcategory id parameter, which is mishandled for g_preview_theme.
CVE-2019-20804 | 1 (Gilacms) | 1 (Gila Cms) | 2020-06-23 | 6.8 MEDIUM | 8.8 HIGH
Gila CMS before 1.11.6 allows CSRF with resultant XSS via the admin/themes URI, leading to compromise of the admin account.
CVE-2020-5515 | 1 (Gilacms) | 1 (Gila Cms) | 2020-06-18 | 6.5 MEDIUM | 7.2 HIGH
Gila CMS 1.11.8 allows /admin/sql?query= SQL Injection.
CVE-2020-5514 | 1 (Gilacms) | 1 (Gila Cms) | 2020-01-09 | 9.0 HIGH | 9.1 CRITICAL
Gila CMS 1.11.8 allows Unrestricted Upload of a File with a Dangerous Type via .phar or .phtml to the lzld/thumb?src= URI.
CVE-2020-5513 | 1 (Gilacms) | 1 (Gila Cms) | 2020-01-08 | 6.8 MEDIUM | 6.8 MEDIUM
Gila CMS 1.11.8 allows /cm/delete?t=../ Directory Traversal.
CVE-2020-5512 | 1 (Gilacms) | 1 (Gila Cms) | 2020-01-08 | 6.8 MEDIUM | 6.8 MEDIUM
Gila CMS 1.11.8 allows /admin/media?path=../ Path Traversal.
CVE-2019-17536 | 1 (Gilacms) | 1 (Gila Cms) | 2019-10-17 | 4.0 MEDIUM | 4.9 MEDIUM
Gila CMS through 1.11.4 allows Unrestricted Upload of a File with a Dangerous Type via the moveAction function in core/controllers/fm.php. The attacker needs to use admin/media_upload and fm/move.
CVE-2019-17535 | 1 (Gilacms) | 1 (Gila Cms) | 2019-10-16 | 4.3 MEDIUM | 6.1 MEDIUM
Gila CMS through 1.11.4 allows blog-list.php XSS, in both the gila-blog and gila-mag themes, via the search parameter, a related issue to CVE-2019-9647.
CVE-2019-16679 | 1 (Gilacms) | 1 (Gila Cms) | 2019-09-23 | 4.0 MEDIUM | 4.9 MEDIUM
Gila CMS before 1.11.1 allows admin/fm/?f=../ directory traversal, leading to Local File Inclusion.
CVE-2019-9647 | 1 (Gilacms) | 1 (Gila Cms) | 2019-06-06 | 4.3 MEDIUM | 6.1 MEDIUM
Gila CMS 1.9.1 has XSS.
CVE-2019-11515 | 1 (Gilacms) | 1 (Gila Cms) | 2019-04-27 | 4.0 MEDIUM | 4.9 MEDIUM
core/classes/db_backup.php in Gila CMS 1.10.1 allows admin/db_backup?download= absolute path traversal to read arbitrary files.
CVE-2019-11456 | 1 (Gilacms) | 1 (Gila Cms) | 2019-04-26 | 6.8 MEDIUM | 8.8 HIGH
Gila CMS 1.10.1 allows fm/save CSRF for executing arbitrary PHP code.