CMS
by Gila
CVEs (6)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2021-47900 | Cri | 0.64 | 9.8 | 0.01 | Jan 27, 2026 | Gila CMS versions prior to 2.0.0 contain a remote code execution vulnerability that allows unauthenticated attackers to execute arbitrary system commands through manipulated HTTP headers. Attackers can inject PHP code in the User-Agent header with shell_exec() to run system… | ||
| CVE-2019-11456 | Hig | 0.57 | 8.8 | 0.01 | Apr 22, 2019 | Gila CMS 1.10.1 allows fm/save CSRF for executing arbitrary PHP code. | ||
| CVE-2020-20523 | Med | 0.40 | 6.1 | 0.01 | Aug 11, 2023 | Cross Site Scripting (XSS) vulnerability in adm_user parameter in Gila CMS version 1.11.3, allows remote attackers to execute arbitrary code during the Gila CMS installation. | ||
| CVE-2020-26625 | Low | 0.25 | 3.8 | 0.01 | Jan 2, 2024 | A SQL injection vulnerability was discovered in Gila CMS 1.15.4 and earlier which allows a remote attacker to execute arbitrary web scripts via the 'user_id' parameter after the login portal. | ||
| CVE-2024-7657 | Low | 0.23 | 3.5 | 0.01 | Aug 12, 2024 | A vulnerability classified as problematic was found in Gila CMS 1.10.9. This vulnerability affects unknown code of the file /cm/update_rows/page?id=2 of the component HTTP POST Request Handler. The manipulation of the argument content leads to cross site scripting. The attack… | ||
| CVE-2019-17536 | Med | 0.00 | 4.9 | 0.02 | Oct 13, 2019 | Gila CMS through 1.11.4 allows Unrestricted Upload of a File with a Dangerous Type via the moveAction function in core/controllers/fm.php. The attacker needs to use admin/media_upload and fm/move. |
- risk 0.64cvss 9.8epss 0.01
Gila CMS versions prior to 2.0.0 contain a remote code execution vulnerability that allows unauthenticated attackers to execute arbitrary system commands through manipulated HTTP headers. Attackers can inject PHP code in the User-Agent header with shell_exec() to run system…
- risk 0.57cvss 8.8epss 0.01
Gila CMS 1.10.1 allows fm/save CSRF for executing arbitrary PHP code.
- risk 0.40cvss 6.1epss 0.01
Cross Site Scripting (XSS) vulnerability in adm_user parameter in Gila CMS version 1.11.3, allows remote attackers to execute arbitrary code during the Gila CMS installation.
- risk 0.25cvss 3.8epss 0.01
A SQL injection vulnerability was discovered in Gila CMS 1.15.4 and earlier which allows a remote attacker to execute arbitrary web scripts via the 'user_id' parameter after the login portal.
- risk 0.23cvss 3.5epss 0.01
A vulnerability classified as problematic was found in Gila CMS 1.10.9. This vulnerability affects unknown code of the file /cm/update_rows/page?id=2 of the component HTTP POST Request Handler. The manipulation of the argument content leads to cross site scripting. The attack…
- risk 0.00cvss 4.9epss 0.02
Gila CMS through 1.11.4 allows Unrestricted Upload of a File with a Dangerous Type via the moveAction function in core/controllers/fm.php. The attacker needs to use admin/media_upload and fm/move.