Vulnerabilities > Gilacms > Gila CMS > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-06-20 | CVE-2020-20726 | Cross-Site Request Forgery (CSRF) vulnerability in Gilacms Gila CMS 1.11.4 Cross Site Request Forgery vulnerability in Gila GilaCMS v.1.11.4 allows a remote attacker to execute arbitrary code via the cm/update_rows/user parameter. | 8.8 |
| 2021-10-04 | CVE-2021-37777 | Authorization Bypass Through User-Controlled Key vulnerability in Gilacms Gila CMS 2.2.0 Gila CMS 2.2.0 is vulnerable to Insecure Direct Object Reference (IDOR). | 7.5 |
| 2021-09-27 | CVE-2020-20692 | SQL Injection vulnerability in Gilacms Gila CMS 1.11.4 GilaCMS v1.11.4 was discovered to contain a SQL injection vulnerability via the $_GET parameter in /src/core/controllers/cm.php. | 7.2 |
| 2021-09-27 | CVE-2020-20693 | Cross-Site Request Forgery (CSRF) vulnerability in Gilacms Gila CMS 1.11.4 A Cross-Site Request Forgery (CSRF) in GilaCMS v1.11.4 allows authenticated attackers to arbitrarily add administrator accounts. | 8.8 |
| 2020-11-16 | CVE-2020-28692 | Unrestricted Upload of File with Dangerous Type vulnerability in Gilacms Gila CMS 1.16.0 In Gila CMS 1.16.0, an attacker can upload a shell to tmp directy and abuse .htaccess through the logs function for executing PHP files. | 7.2 |
| 2020-05-21 | CVE-2019-20804 | Cross-Site Request Forgery (CSRF) vulnerability in Gilacms Gila CMS Gila CMS before 1.11.6 allows CSRF with resultant XSS via the admin/themes URI, leading to compromise of the admin account. | 8.8 |
| 2020-01-06 | CVE-2020-5515 | SQL Injection vulnerability in Gilacms Gila CMS 1.11.8 Gila CMS 1.11.8 allows /admin/sql?query= SQL Injection. | 7.2 |
| 2019-04-22 | CVE-2019-11456 | Cross-Site Request Forgery (CSRF) vulnerability in Gilacms Gila CMS 1.10.1 Gila CMS 1.10.1 allows fm/save CSRF for executing arbitrary PHP code. | 8.8 |