Vulnerabilities > Gilacms > Gila CMS > Medium

DATE CVE VULNERABILITY TITLE RISK
2024-08-12 CVE-2024-7657 Cross-site Scripting vulnerability in Gilacms Gila CMS 1.10.9
A vulnerability classified as problematic was found in Gila CMS 1.10.9.
network
low complexity
gilacms CWE-79
5.4
2023-08-11 CVE-2020-20523 Cross-site Scripting vulnerability in Gilacms Gila CMS 1.11.3
Cross Site Scripting (XSS) vulnerability in adm_user parameter in Gila CMS version 1.11.3, allows remote attackers to execute arbitrary code during the Gila CMS installation.
network
low complexity
gilacms CWE-79
6.1
2021-10-04 CVE-2021-37777 Authorization Bypass Through User-Controlled Key vulnerability in Gilacms Gila CMS 2.2.0
Gila CMS 2.2.0 is vulnerable to Insecure Direct Object Reference (IDOR).
network
low complexity
gilacms CWE-639
5.0
2021-09-27 CVE-2020-20692 SQL Injection vulnerability in Gilacms Gila CMS 1.11.4
GilaCMS v1.11.4 was discovered to contain a SQL injection vulnerability via the $_GET parameter in /src/core/controllers/cm.php.
network
low complexity
gilacms CWE-89
6.5
2021-09-27 CVE-2020-20693 Cross-Site Request Forgery (CSRF) vulnerability in Gilacms Gila CMS 1.11.4
A Cross-Site Request Forgery (CSRF) in GilaCMS v1.11.4 allows authenticated attackers to arbitrarily add administrator accounts.
network
gilacms CWE-352
6.8
2020-11-16 CVE-2020-28692 Unrestricted Upload of File with Dangerous Type vulnerability in Gilacms Gila CMS 1.16.0
In Gila CMS 1.16.0, an attacker can upload a shell to tmp directy and abuse .htaccess through the logs function for executing PHP files.
network
low complexity
gilacms CWE-434
6.5
2020-05-21 CVE-2019-20803 Cross-site Scripting vulnerability in Gilacms Gila CMS
Gila CMS before 1.11.6 has reflected XSS via the admin/content/postcategory id parameter, which is mishandled for g_preview_theme.
network
low complexity
gilacms CWE-79
6.1
2020-01-06 CVE-2020-5513 Path Traversal vulnerability in Gilacms Gila CMS 1.11.8
Gila CMS 1.11.8 allows /cm/delete?t=../ Directory Traversal.
network
low complexity
gilacms CWE-22
6.8
2020-01-06 CVE-2020-5512 Path Traversal vulnerability in Gilacms Gila CMS 1.11.8
Gila CMS 1.11.8 allows /admin/media?path=../ Path Traversal.
network
low complexity
gilacms CWE-22
6.8
2019-10-13 CVE-2019-17536 Unrestricted Upload of File with Dangerous Type vulnerability in Gilacms Gila CMS
Gila CMS through 1.11.4 allows Unrestricted Upload of a File with a Dangerous Type via the moveAction function in core/controllers/fm.php.
network
low complexity
gilacms CWE-434
4.0