Packagist (Composer) package
gilacms/gila
pkg:composer/gilacms/gila
Vulnerabilities (8)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2020-26625 | — | — | — | <= 1.15.4 | — | Jan 2, 2024 | A SQL injection vulnerability was discovered in Gila CMS 1.15.4 and earlier which allows a remote attacker to execute arbitrary web scripts via the 'user_id' parameter after the login portal. |
| CVE-2020-26624 | — | — | — | <= 1.15.4 | — | Jan 2, 2024 | A SQL injection vulnerability was discovered in Gila CMS 1.15.4 and earlier which allows a remote attacker to execute arbitrary web scripts via the ID parameter after the login portal. |
| CVE-2020-26623 | — | — | — | <= 1.15.4 | — | Jan 2, 2024 | SQL Injection vulnerability discovered in Gila CMS 1.15.4 and earlier allows a remote attacker to execute arbitrary web scripts via the Area parameter under the Administration>Widget tab after the login portal. |
| CVE-2020-20523 | — | — | — | < 1.11.4 | 1.11.4 | Aug 11, 2023 | Cross Site Scripting (XSS) vulnerability in adm_user parameter in Gila CMS version 1.11.3, allows remote attackers to execute arbitrary code during the Gila CMS installation. |
| CVE-2020-20726 | — | — | — | <= 1.11.4 | — | Jun 20, 2023 | Cross Site Request Forgery vulnerability in Gila GilaCMS v.1.11.4 allows a remote attacker to execute arbitrary code via the cm/update_rows/user parameter. |
| CVE-2020-20693 | — | — | — | <= 1.11.4 | — | Sep 27, 2021 | A Cross-Site Request Forgery (CSRF) in GilaCMS v1.11.4 allows authenticated attackers to arbitrarily add administrator accounts. |
| CVE-2020-20696 | — | — | — | <= 1.11.4 | — | Sep 27, 2021 | A cross-site scripting (XSS) vulnerability in /admin/content/post of GilaCMS v1.11.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the Tags field. |
| CVE-2020-20695 | — | — | — | <= 1.11.4 | — | Sep 27, 2021 | A stored cross-site scripting (XSS) vulnerability in GilaCMS v1.11.4 allows attackers to execute arbitrary web scripts or HTML via a crafted SVG file. |