Show filters
25 Total Results
Displaying 21-25 of 25
Sort by:
Attacker Value
Unknown

CVE-2019-17536

Disclosure Date: October 13, 2019 (last updated November 27, 2024)
Gila CMS through 1.11.4 allows Unrestricted Upload of a File with a Dangerous Type via the moveAction function in core/controllers/fm.php. The attacker needs to use admin/media_upload and fm/move.
Attack Vector: NetworkPrivileges: HighUser Interaction: None
0
0
Attacker Value
Unknown

CVE-2019-16679

Disclosure Date: September 21, 2019 (last updated November 27, 2024)
Gila CMS before 1.11.1 allows admin/fm/?f=../ directory traversal, leading to Local File Inclusion.
Attack Vector: NetworkPrivileges: HighUser Interaction: None
0
0
Attacker Value
Unknown

CVE-2019-9647

Disclosure Date: June 05, 2019 (last updated November 27, 2024)
Gila CMS 1.9.1 has XSS.
0
0
Attacker Value
Unknown

CVE-2019-11515

Disclosure Date: April 25, 2019 (last updated November 27, 2024)
core/classes/db_backup.php in Gila CMS 1.10.1 allows admin/db_backup?download= absolute path traversal to read arbitrary files.
0
0
Attacker Value
Unknown

CVE-2019-11456

Disclosure Date: April 22, 2019 (last updated November 27, 2024)
Gila CMS 1.10.1 allows fm/save CSRF for executing arbitrary PHP code.
0
0
View More Topics  < Previous