Product
gilacms gila cms
25 known vulnerabilities across versions
Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.
CVE-2024-7657
CVE-2020-26625
CVE-2020-26624
CVE-2020-26623
CVE-2020-20523
CVE-2020-20726
CVE-2021-39486
CVE-2021-37777
CVE-2020-20696
CVE-2020-20695
CVE-2020-20693
CVE-2020-20692
CVE-2020-28692
CVE-2019-20804
CVE-2019-20803
CVE-2020-5513
CVE-2020-5512
CVE-2020-5515
CVE-2020-5514
CVE-2019-17536
CVE-2019-17535
CVE-2019-16679
CVE-2019-9647
CVE-2019-11515
CVE-2019-11456
all versions
A vulnerability classified as problematic was found in Gila CMS 1.10.9. This vulnerability affects unknown code of the file /cm/up
<= 1.15.4
A SQL injection vulnerability was discovered in Gila CMS 1.15.4 and earlier which allows a remote attacker to execute arbitrary we
<= 1.15.4
A SQL injection vulnerability was discovered in Gila CMS 1.15.4 and earlier which allows a remote attacker to execute arbitrary we
<= 1.15.4
SQL Injection vulnerability discovered in Gila CMS 1.15.4 and earlier allows a remote attacker to execute arbitrary web scripts vi
all versions
Cross Site Scripting (XSS) vulnerability in adm_user parameter in Gila CMS version 1.11.3, allows remote attackers to execute arbi
all versions
Cross Site Request Forgery vulnerability in Gila GilaCMS v.1.11.4 allows a remote attacker to execute arbitrary code via the cm/up
all versions
A Stored XSS via Malicious File Upload exists in Gila CMS version 2.2.0. An attacker can use this to steal cookies, passwords or t
all versions
Gila CMS 2.2.0 is vulnerable to Insecure Direct Object Reference (IDOR). Thumbnails uploaded by one site owner are visible by anot
all versions
A cross-site scripting (XSS) vulnerability in /admin/content/post of GilaCMS v1.11.4 allows attackers to execute arbitrary web scr
all versions
A stored cross-site scripting (XSS) vulnerability in GilaCMS v1.11.4 allows attackers to execute arbitrary web scripts or HTML via
all versions
A Cross-Site Request Forgery (CSRF) in GilaCMS v1.11.4 allows authenticated attackers to arbitrarily add administrator accounts.
all versions
GilaCMS v1.11.4 was discovered to contain a SQL injection vulnerability via the $_GET parameter in /src/core/controllers/cm.php.
all versions
In Gila CMS 1.16.0, an attacker can upload a shell to tmp directy and abuse .htaccess through the logs function for executing PHP
< 1.11.6
Gila CMS before 1.11.6 allows CSRF with resultant XSS via the admin/themes URI, leading to compromise of the admin account.
< 1.11.6
Gila CMS before 1.11.6 has reflected XSS via the admin/content/postcategory id parameter, which is mishandled for g_preview_theme.
all versions
Gila CMS 1.11.8 allows /cm/delete?t=../ Directory Traversal.
all versions
Gila CMS 1.11.8 allows /admin/media?path=../ Path Traversal.
all versions
Gila CMS 1.11.8 allows /admin/sql?query= SQL Injection.
all versions
Gila CMS 1.11.8 allows Unrestricted Upload of a File with a Dangerous Type via .phar or .phtml to the lzld/thumb?src= URI.
<= 1.11.4
Gila CMS through 1.11.4 allows Unrestricted Upload of a File with a Dangerous Type via the moveAction function in core/controllers
<= 1.11.4
Gila CMS through 1.11.4 allows blog-list.php XSS, in both the gila-blog and gila-mag themes, via the search parameter, a related i
< 1.11.1
Gila CMS before 1.11.1 allows admin/fm/?f=../ directory traversal, leading to Local File Inclusion.
all versions
Gila CMS 1.9.1 has XSS.
all versions
core/classes/db_backup.php in Gila CMS 1.10.1 allows admin/db_backup?download= absolute path traversal to read arbitrary files.
all versions
Gila CMS 1.10.1 allows fm/save CSRF for executing arbitrary PHP code.