Show filters
25 Total Results
Displaying 11-20 of 25
Sort by:
Attacker Value
Unknown
CVE-2020-20692
Disclosure Date: September 27, 2021 (last updated February 23, 2025)
GilaCMS v1.11.4 was discovered to contain a SQL injection vulnerability via the $_GET parameter in /src/core/controllers/cm.php.
0
Attacker Value
Unknown
CVE-2020-20696
Disclosure Date: September 27, 2021 (last updated February 23, 2025)
A cross-site scripting (XSS) vulnerability in /admin/content/post of GilaCMS v1.11.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the Tags field.
0
Attacker Value
Unknown
CVE-2020-28692
Disclosure Date: November 16, 2020 (last updated February 22, 2025)
In Gila CMS 1.16.0, an attacker can upload a shell to tmp directy and abuse .htaccess through the logs function for executing PHP files.
0
Attacker Value
Unknown
CVE-2019-20803
Disclosure Date: May 21, 2020 (last updated February 21, 2025)
Gila CMS before 1.11.6 has reflected XSS via the admin/content/postcategory id parameter, which is mishandled for g_preview_theme.
0
Attacker Value
Unknown
CVE-2019-20804
Disclosure Date: May 21, 2020 (last updated February 21, 2025)
Gila CMS before 1.11.6 allows CSRF with resultant XSS via the admin/themes URI, leading to compromise of the admin account.
0
Attacker Value
Unknown
CVE-2020-5512
Disclosure Date: January 06, 2020 (last updated February 21, 2025)
Gila CMS 1.11.8 allows /admin/media?path=../ Path Traversal.
0
Attacker Value
Unknown
CVE-2020-5513
Disclosure Date: January 06, 2020 (last updated February 21, 2025)
Gila CMS 1.11.8 allows /cm/delete?t=../ Directory Traversal.
0
Attacker Value
Unknown
CVE-2020-5515
Disclosure Date: January 06, 2020 (last updated February 21, 2025)
Gila CMS 1.11.8 allows /admin/sql?query= SQL Injection.
0
Attacker Value
Unknown
CVE-2020-5514
Disclosure Date: January 06, 2020 (last updated February 21, 2025)
Gila CMS 1.11.8 allows Unrestricted Upload of a File with a Dangerous Type via .phar or .phtml to the lzld/thumb?src= URI.
0
Attacker Value
Unknown
CVE-2019-17535
Disclosure Date: October 13, 2019 (last updated November 27, 2024)
Gila CMS through 1.11.4 allows blog-list.php XSS, in both the gila-blog and gila-mag themes, via the search parameter, a related issue to CVE-2019-9647.
0
