Vulnerabilities > Gilacms > Gila CMS > High

DATE CVE VULNERABILITY TITLE RISK
2023-06-20 CVE-2020-20726 Cross-Site Request Forgery (CSRF) vulnerability in Gilacms Gila CMS 1.11.4
Cross Site Request Forgery vulnerability in Gila GilaCMS v.1.11.4 allows a remote attacker to execute arbitrary code via the cm/update_rows/user parameter.
network
low complexity
gilacms CWE-352
8.8
8.8
2020-05-21 CVE-2019-20804 Cross-Site Request Forgery (CSRF) vulnerability in Gilacms Gila CMS
Gila CMS before 1.11.6 allows CSRF with resultant XSS via the admin/themes URI, leading to compromise of the admin account.
network
low complexity
gilacms CWE-352
8.8
8.8
2020-01-06 CVE-2020-5515 SQL Injection vulnerability in Gilacms Gila CMS 1.11.8
Gila CMS 1.11.8 allows /admin/sql?query= SQL Injection.
network
low complexity
gilacms CWE-89
7.2
7.2