Total: 7 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description |
|---|---|---|---|---|---|---|
| CVE-2021-37777 | 1 Gilacms | 1 Gila Cms | 2022-05-03 | 5.0 MEDIUM | 7.5 HIGH | Gila CMS 2.2.0 is vulnerable to Insecure Direct Object Reference (IDOR): thumbnails uploaded by one site owner are visible to another site owner who knows the first site's name and fuzzes for picture names, leading to sensitive information disclosure. |
| CVE-2020-20693 | 1 Gilacms | 1 Gila Cms | 2021-10-01 | 6.8 MEDIUM | 8.8 HIGH | A Cross-Site Request Forgery (CSRF) in GilaCMS v1.11.4 allows attackers to arbitrarily add administrator accounts via a forged request issued from an authenticated user's browser. |
| CVE-2020-20692 | 1 Gilacms | 1 Gila Cms | 2021-10-01 | 6.5 MEDIUM | 7.2 HIGH | GilaCMS v1.11.4 contains a SQL injection vulnerability via the $_GET parameter in /src/core/controllers/cm.php. |
| CVE-2020-28692 | 1 Gilacms | 1 Gila Cms | 2020-11-30 | 6.5 MEDIUM | 7.2 HIGH | In Gila CMS 1.16.0, an attacker can upload a shell to the tmp directory and abuse .htaccess through the logs function to execute PHP files. |
| CVE-2019-20804 | 1 Gilacms | 1 Gila Cms | 2020-06-23 | 6.8 MEDIUM | 8.8 HIGH | Gila CMS before 1.11.6 allows CSRF with resultant XSS via the admin/themes URI, leading to compromise of the admin account. |
| CVE-2020-5515 | 1 Gilacms | 1 Gila Cms | 2020-06-18 | 6.5 MEDIUM | 7.2 HIGH | Gila CMS 1.11.8 allows SQL injection via /admin/sql?query=. |
| CVE-2019-11456 | 1 Gilacms | 1 Gila Cms | 2019-04-26 | 6.8 MEDIUM | 8.8 HIGH | Gila CMS 1.10.1 allows CSRF via fm/save, leading to execution of arbitrary PHP code. |
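Added example (not part of this listing or of the Gila CMS project): a small Python triage helper that encodes the affected-version statements exactly as the descriptions above give them. Only CVE-2019-20804 states a range ("before 1.11.6"); every other entry names just the single version the reporter tested, so the helper treats those as exact matches and a miss means only that this page does not name the version, not that it is clean. The version strings and the `matching_cves` / `parse_version` names are this example's own.

```python
"""Triage a Gila CMS version against the CVE entries listed on this page.

Added example; not code from the listing or from the Gila CMS project.
Version conditions are transcribed literally from the descriptions above:
"as reported" entries name the version that was tested, not a confirmed
affected range. Check the NVD CPE configuration before calling a version clean.
"""
import re
from typing import Callable, List, Tuple

Version = Tuple[int, ...]


def parse_version(text: str) -> Version:
    """Turn '1.11.4' (or 'v1.11.4') into (1, 11, 4) so ordering is numeric, not lexical."""
    m = re.fullmatch(r"v?(\d+(?:\.\d+)*)", text.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(part) for part in m.group(1).split("."))


def _compare(a: Version, b: Version) -> int:
    """Compare two versions after zero-padding, so '2.2' and '2.2.0' are equal."""
    n = max(len(a), len(b))
    a, b = a + (0,) * (n - len(a)), b + (0,) * (n - len(b))
    return (a > b) - (a < b)


def is_exactly(v: str) -> Callable[[Version], bool]:
    target = parse_version(v)
    return lambda ver: _compare(ver, target) == 0


def is_before(v: str) -> Callable[[Version], bool]:
    bound = parse_version(v)
    return lambda ver: _compare(ver, bound) < 0


# (CVE id, condition as stated on this page, matcher), in the page's order.
LISTED_CVES: List[Tuple[str, str, Callable[[Version], bool]]] = [
    ("CVE-2021-37777", "2.2.0 (as reported)", is_exactly("2.2.0")),
    ("CVE-2020-20693", "1.11.4 (as reported)", is_exactly("1.11.4")),
    ("CVE-2020-20692", "1.11.4 (as reported)", is_exactly("1.11.4")),
    ("CVE-2020-28692", "1.16.0 (as reported)", is_exactly("1.16.0")),
    ("CVE-2019-20804", "before 1.11.6", is_before("1.11.6")),
    ("CVE-2020-5515", "1.11.8 (as reported)", is_exactly("1.11.8")),
    ("CVE-2019-11456", "1.10.1 (as reported)", is_exactly("1.10.1")),
]


def matching_cves(version: str) -> List[str]:
    """Return the ids of listed CVEs whose stated version condition matches `version`."""
    ver = parse_version(version)
    return [cve for cve, _stated, matches in LISTED_CVES if matches(ver)]


if __name__ == "__main__":
    # Constructed sample inputs; a real run would take the installed version string.
    for v in ("1.10.1", "1.11.4", "1.11.6", "2.2.0"):
        hits = matching_cves(v)
        print(f"{v:>7}: {', '.join(hits) if hits else 'nothing listed on this page'}")
```

Because 1.11.4 is below the 1.11.6 bound of CVE-2019-20804, that version picks up three entries (the two reported against it plus the CSRF/XSS range), while 1.11.6 matches nothing here despite 1.11.8 being reported vulnerable two months later; that gap is exactly why the "as reported" entries should be read as lower bounds on what was confirmed, not as the full affected range.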
