Vulnerabilities > Gilacms > Gila CMS

DATE CVE VULNERABILITY TITLE RISK
2021-09-27 CVE-2020-20696 Cross-site Scripting vulnerability in Gilacms Gila CMS 1.11.4
A cross-site scripting (XSS) vulnerability in /admin/content/post of GilaCMS v1.11.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the Tags field.
network
gilacms CWE-79
3.5
3.5
2020-11-16 CVE-2020-28692 Unrestricted Upload of File with Dangerous Type vulnerability in Gilacms Gila CMS 1.16.0
In Gila CMS 1.16.0, an attacker can upload a shell to tmp directy and abuse .htaccess through the logs function for executing PHP files.
network
low complexity
gilacms CWE-434
6.5
6.5
2020-05-21 CVE-2019-20804 Cross-Site Request Forgery (CSRF) vulnerability in Gilacms Gila CMS
Gila CMS before 1.11.6 allows CSRF with resultant XSS via the admin/themes URI, leading to compromise of the admin account.
network
low complexity
gilacms CWE-352
8.8
8.8
2020-05-21 CVE-2019-20803 Cross-site Scripting vulnerability in Gilacms Gila CMS
Gila CMS before 1.11.6 has reflected XSS via the admin/content/postcategory id parameter, which is mishandled for g_preview_theme.
network
low complexity
gilacms CWE-79
6.1
6.1
2020-01-06 CVE-2020-5513 Path Traversal vulnerability in Gilacms Gila CMS 1.11.8
Gila CMS 1.11.8 allows /cm/delete?t=../ Directory Traversal.
network
low complexity
gilacms CWE-22
6.8
6.8
2020-01-06 CVE-2020-5512 Path Traversal vulnerability in Gilacms Gila CMS 1.11.8
Gila CMS 1.11.8 allows /admin/media?path=../ Path Traversal.
network
low complexity
gilacms CWE-22
6.8
6.8
2020-01-06 CVE-2020-5515 SQL Injection vulnerability in Gilacms Gila CMS 1.11.8
Gila CMS 1.11.8 allows /admin/sql?query= SQL Injection.
network
low complexity
gilacms CWE-89
7.2
7.2
2020-01-06 CVE-2020-5514 Unrestricted Upload of File with Dangerous Type vulnerability in Gilacms Gila CMS 1.11.8
Gila CMS 1.11.8 allows Unrestricted Upload of a File with a Dangerous Type via .phar or .phtml to the lzld/thumb?src= URI.
network
low complexity
gilacms CWE-434
critical
 9.0
9.0
2019-10-13 CVE-2019-17536 Unrestricted Upload of File with Dangerous Type vulnerability in Gilacms Gila CMS
Gila CMS through 1.11.4 allows Unrestricted Upload of a File with a Dangerous Type via the moveAction function in core/controllers/fm.php.
network
low complexity
gilacms CWE-434
4.0
4.0
2019-10-13 CVE-2019-17535 Cross-site Scripting vulnerability in Gilacms Gila CMS
Gila CMS through 1.11.4 allows blog-list.php XSS, in both the gila-blog and gila-mag themes, via the search parameter, a related issue to CVE-2019-9647.
network
gilacms CWE-79
4.3
4.3