Vulnerabilities > Gilacms > Gila CMS > 1.11.8

DATE CVE VULNERABILITY TITLE RISK
2024-01-02 CVE-2020-26623 SQL Injection vulnerability in Gilacms Gila CMS
SQL Injection vulnerability discovered in Gila CMS 1.15.4 and earlier allows a remote attacker to execute arbitrary web scripts via the Area parameter under the Administration>Widget tab after the login portal.
network
low complexity
gilacms CWE-89
3.8
3.8
2024-01-02 CVE-2020-26624 SQL Injection vulnerability in Gilacms Gila CMS
A SQL injection vulnerability was discovered in Gila CMS 1.15.4 and earlier which allows a remote attacker to execute arbitrary web scripts via the ID parameter after the login portal.
network
low complexity
gilacms CWE-89
3.8
3.8
2024-01-02 CVE-2020-26625 SQL Injection vulnerability in Gilacms Gila CMS
A SQL injection vulnerability was discovered in Gila CMS 1.15.4 and earlier which allows a remote attacker to execute arbitrary web scripts via the 'user_id' parameter after the login portal.
network
low complexity
gilacms CWE-89
3.8
3.8
2020-01-06 CVE-2020-5513 Path Traversal vulnerability in Gilacms Gila CMS 1.11.8
Gila CMS 1.11.8 allows /cm/delete?t=../ Directory Traversal.
network
low complexity
gilacms CWE-22
6.8
6.8
2020-01-06 CVE-2020-5512 Path Traversal vulnerability in Gilacms Gila CMS 1.11.8
Gila CMS 1.11.8 allows /admin/media?path=../ Path Traversal.
network
low complexity
gilacms CWE-22
6.8
6.8
2020-01-06 CVE-2020-5515 SQL Injection vulnerability in Gilacms Gila CMS 1.11.8
Gila CMS 1.11.8 allows /admin/sql?query= SQL Injection.
network
low complexity
gilacms CWE-89
7.2
7.2
2020-01-06 CVE-2020-5514 Unrestricted Upload of File with Dangerous Type vulnerability in Gilacms Gila CMS 1.11.8
Gila CMS 1.11.8 allows Unrestricted Upload of a File with a Dangerous Type via .phar or .phtml to the lzld/thumb?src= URI.
network
low complexity
gilacms CWE-434
critical
 9.1
9.1