CMS
by Gila
CVEs (3)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2021-47900 | Cri | 0.64 | 9.8 | 0.00 | Jan 27, 2026 | Gila CMS versions prior to 2.0.0 contain a remote code execution vulnerability that allows unauthenticated attackers to execute arbitrary system commands through manipulated HTTP headers. Attackers can inject PHP code in the User-Agent header with shell_exec() to run system commands by sending crafted requests to the admin endpoint. | ||
| CVE-2024-7657 | 0.00 | — | 0.00 | Aug 11, 2024 | A vulnerability classified as problematic was found in Gila CMS 1.10.9. This vulnerability affects unknown code of the file /cm/update_rows/page?id=2 of the component HTTP POST Request Handler. The manipulation of the argument content leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | |||
| CVE-2019-11456 | 0.00 | — | 0.00 | Apr 22, 2019 | Gila CMS 1.10.1 allows fm/save CSRF for executing arbitrary PHP code. |
- risk 0.64cvss 9.8epss 0.00
Gila CMS versions prior to 2.0.0 contain a remote code execution vulnerability that allows unauthenticated attackers to execute arbitrary system commands through manipulated HTTP headers. Attackers can inject PHP code in the User-Agent header with shell_exec() to run system commands by sending crafted requests to the admin endpoint.
- CVE-2024-7657Aug 11, 2024risk 0.00cvss —epss 0.00
A vulnerability classified as problematic was found in Gila CMS 1.10.9. This vulnerability affects unknown code of the file /cm/update_rows/page?id=2 of the component HTTP POST Request Handler. The manipulation of the argument content leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
- CVE-2019-11456Apr 22, 2019risk 0.00cvss —epss 0.00
Gila CMS 1.10.1 allows fm/save CSRF for executing arbitrary PHP code.