Gila Cms

gila_cms

Vendor: Gilacms • 25 CVEs

CVEs (25)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2024-7657 1Gilacms 1Gila Cms Aug 15, 2024 Aug 12, 2024 5.3 MEDIUM· v4 5.4 MEDIUM· v3 4.0 MEDIUM· v2 A vulnerability classified as problematic was found in Gila CMS 1.10.9. This vulnerability affects unknown code of the file /cm/update_rows/page?id=2 of the component HTTP POST Request Handler. The manipulation of the ar...Show more A vulnerability classified as problematic was found in Gila CMS 1.10.9. This vulnerability affects unknown code of the file /cm/update_rows/page?id=2 of the component HTTP POST Request Handler. The manipulation of the argument content leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.Show less
CVE-2020-26625 1Gilacms 1Gila Cms May 16, 2025 Jan 2, 2024 N/A· v4 3.8 LOW· v3 N/A· v2 A SQL injection vulnerability was discovered in Gila CMS 1.15.4 and earlier which allows a remote attacker to execute arbitrary web scripts via the 'user_id' parameter after the login portal.
CVE-2020-26624 1Gilacms 1Gila Cms Jun 17, 2025 Jan 2, 2024 N/A· v4 3.8 LOW· v3 N/A· v2 A SQL injection vulnerability was discovered in Gila CMS 1.15.4 and earlier which allows a remote attacker to execute arbitrary web scripts via the ID parameter after the login portal.
CVE-2020-26623 1Gilacms 1Gila Cms Jun 3, 2025 Jan 2, 2024 N/A· v4 3.8 LOW· v3 N/A· v2 SQL Injection vulnerability discovered in Gila CMS 1.15.4 and earlier allows a remote attacker to execute arbitrary web scripts via the Area parameter under the Administration>Widget tab after the login portal.
CVE-2020-20523 1Gilacms 1Gila Cms Nov 21, 2024 Aug 11, 2023 N/A· v4 6.1 MEDIUM· v3 N/A· v2 Cross Site Scripting (XSS) vulnerability in adm_user parameter in Gila CMS version 1.11.3, allows remote attackers to execute arbitrary code during the Gila CMS installation.
CVE-2020-20726 1Gilacms 1Gila Cms Dec 11, 2024 Jun 20, 2023 N/A· v4 8.8 HIGH· v3 N/A· v2 Cross Site Request Forgery vulnerability in Gila GilaCMS v.1.11.4 allows a remote attacker to execute arbitrary code via the cm/update_rows/user parameter.
CVE-2021-39486 1Gilacms 1Gila Cms Nov 21, 2024 Oct 4, 2021 N/A· v4 5.4 MEDIUM· v3 3.5 LOW· v2 A Stored XSS via Malicious File Upload exists in Gila CMS version 2.2.0. An attacker can use this to steal cookies, passwords or to run arbitrary code on a victim's browser.
CVE-2021-37777 1Gilacms 1Gila Cms Nov 21, 2024 Oct 4, 2021 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 Gila CMS 2.2.0 is vulnerable to Insecure Direct Object Reference (IDOR). Thumbnails uploaded by one site owner are visible by another site owner just by knowing the other site name and fuzzing for picture names. This lea...Show more Gila CMS 2.2.0 is vulnerable to Insecure Direct Object Reference (IDOR). Thumbnails uploaded by one site owner are visible by another site owner just by knowing the other site name and fuzzing for picture names. This leads to sensitive information disclosure.Show less
CVE-2020-20696 1Gilacms 1Gila Cms Nov 21, 2024 Sep 27, 2021 N/A· v4 5.4 MEDIUM· v3 3.5 LOW· v2 A cross-site scripting (XSS) vulnerability in /admin/content/post of GilaCMS v1.11.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the Tags field.
CVE-2020-20695 1Gilacms 1Gila Cms Nov 21, 2024 Sep 27, 2021 N/A· v4 5.4 MEDIUM· v3 3.5 LOW· v2 A stored cross-site scripting (XSS) vulnerability in GilaCMS v1.11.4 allows attackers to execute arbitrary web scripts or HTML via a crafted SVG file.
CVE-2020-20693 1Gilacms 1Gila Cms Nov 21, 2024 Sep 27, 2021 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 A Cross-Site Request Forgery (CSRF) in GilaCMS v1.11.4 allows authenticated attackers to arbitrarily add administrator accounts.
CVE-2020-20692 1Gilacms 1Gila Cms Nov 21, 2024 Sep 27, 2021 N/A· v4 7.2 HIGH· v3 6.5 MEDIUM· v2 GilaCMS v1.11.4 was discovered to contain a SQL injection vulnerability via the $_GET parameter in /src/core/controllers/cm.php.
CVE-2020-28692 1Gilacms 1Gila Cms Nov 21, 2024 Nov 16, 2020 N/A· v4 7.2 HIGH· v3 6.5 MEDIUM· v2 In Gila CMS 1.16.0, an attacker can upload a shell to tmp directy and abuse .htaccess through the logs function for executing PHP files.
CVE-2019-20804 1Gilacms 1Gila Cms Nov 21, 2024 May 21, 2020 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 Gila CMS before 1.11.6 allows CSRF with resultant XSS via the admin/themes URI, leading to compromise of the admin account.
CVE-2019-20803 1Gilacms 1Gila Cms Nov 21, 2024 May 21, 2020 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 Gila CMS before 1.11.6 has reflected XSS via the admin/content/postcategory id parameter, which is mishandled for g_preview_theme.
CVE-2020-5513 1Gilacms 1Gila Cms Nov 21, 2024 Jan 6, 2020 N/A· v4 6.8 MEDIUM· v3 6.8 MEDIUM· v2 Gila CMS 1.11.8 allows /cm/delete?t=../ Directory Traversal.
CVE-2020-5512 1Gilacms 1Gila Cms Nov 21, 2024 Jan 6, 2020 N/A· v4 6.8 MEDIUM· v3 6.8 MEDIUM· v2 Gila CMS 1.11.8 allows /admin/media?path=../ Path Traversal.
CVE-2020-5515 1Gilacms 1Gila Cms Nov 21, 2024 Jan 6, 2020 N/A· v4 7.2 HIGH· v3 6.5 MEDIUM· v2 Gila CMS 1.11.8 allows /admin/sql?query= SQL Injection.
CVE-2020-5514 1Gilacms 1Gila Cms Nov 21, 2024 Jan 6, 2020 N/A· v4 9.1 CRITICAL· v3 9.0 HIGH· v2 Gila CMS 1.11.8 allows Unrestricted Upload of a File with a Dangerous Type via .phar or .phtml to the lzld/thumb?src= URI.
CVE-2019-17536 1Gilacms 1Gila Cms Nov 21, 2024 Oct 13, 2019 N/A· v4 4.9 MEDIUM· v3 4.0 MEDIUM· v2 Gila CMS through 1.11.4 allows Unrestricted Upload of a File with a Dangerous Type via the moveAction function in core/controllers/fm.php. The attacker needs to use admin/media_upload and fm/move.

12 Next