VYPR

CMS

by Gila

CVEs (6)

  • CVE-2021-47900CriJan 27, 2026
    risk 0.64cvss 9.8epss 0.01

    Gila CMS versions prior to 2.0.0 contain a remote code execution vulnerability that allows unauthenticated attackers to execute arbitrary system commands through manipulated HTTP headers. Attackers can inject PHP code in the User-Agent header with shell_exec() to run system…

  • CVE-2019-11456HigApr 22, 2019
    risk 0.57cvss 8.8epss 0.01

    Gila CMS 1.10.1 allows fm/save CSRF for executing arbitrary PHP code.

  • CVE-2020-20523MedAug 11, 2023
    risk 0.40cvss 6.1epss 0.01

    Cross Site Scripting (XSS) vulnerability in adm_user parameter in Gila CMS version 1.11.3, allows remote attackers to execute arbitrary code during the Gila CMS installation.

  • CVE-2020-26625LowJan 2, 2024
    risk 0.25cvss 3.8epss 0.01

    A SQL injection vulnerability was discovered in Gila CMS 1.15.4 and earlier which allows a remote attacker to execute arbitrary web scripts via the 'user_id' parameter after the login portal.

  • CVE-2024-7657LowAug 12, 2024
    risk 0.23cvss 3.5epss 0.01

    A vulnerability classified as problematic was found in Gila CMS 1.10.9. This vulnerability affects unknown code of the file /cm/update_rows/page?id=2 of the component HTTP POST Request Handler. The manipulation of the argument content leads to cross site scripting. The attack…

  • CVE-2019-17536MedOct 13, 2019
    risk 0.00cvss 4.9epss 0.02

    Gila CMS through 1.11.4 allows Unrestricted Upload of a File with a Dangerous Type via the moveAction function in core/controllers/fm.php. The attacker needs to use admin/media_upload and fm/move.