Gila
Products
2- 3 CVEs
- 3 CVEs
Recent CVEs
5| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2021-47900 | Cri | 0.64 | 9.8 | 0.00 | Jan 27, 2026 | Gila CMS versions prior to 2.0.0 contain a remote code execution vulnerability that allows unauthenticated attackers to execute arbitrary system commands through manipulated HTTP headers. Attackers can inject PHP code in the User-Agent header with shell_exec() to run system commands by sending crafted requests to the admin endpoint. | ||
| CVE-2019-9647 | 0.03 | — | 0.01 | Jun 5, 2019 | Gila CMS 1.9.1 has XSS. | |||
| CVE-2024-7657 | 0.00 | — | 0.00 | Aug 11, 2024 | A vulnerability classified as problematic was found in Gila CMS 1.10.9. This vulnerability affects unknown code of the file /cm/update_rows/page?id=2 of the component HTTP POST Request Handler. The manipulation of the argument content leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | |||
| CVE-2019-11515 | 0.00 | — | 0.00 | Apr 25, 2019 | core/classes/db_backup.php in Gila CMS 1.10.1 allows admin/db_backup?download= absolute path traversal to read arbitrary files. | |||
| CVE-2019-11456 | 0.00 | — | 0.00 | Apr 22, 2019 | Gila CMS 1.10.1 allows fm/save CSRF for executing arbitrary PHP code. |
- risk 0.64cvss 9.8epss 0.00
Gila CMS versions prior to 2.0.0 contain a remote code execution vulnerability that allows unauthenticated attackers to execute arbitrary system commands through manipulated HTTP headers. Attackers can inject PHP code in the User-Agent header with shell_exec() to run system commands by sending crafted requests to the admin endpoint.
- CVE-2019-9647Jun 5, 2019risk 0.03cvss —epss 0.01
Gila CMS 1.9.1 has XSS.
- CVE-2024-7657Aug 11, 2024risk 0.00cvss —epss 0.00
A vulnerability classified as problematic was found in Gila CMS 1.10.9. This vulnerability affects unknown code of the file /cm/update_rows/page?id=2 of the component HTTP POST Request Handler. The manipulation of the argument content leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
- CVE-2019-11515Apr 25, 2019risk 0.00cvss —epss 0.00
core/classes/db_backup.php in Gila CMS 1.10.1 allows admin/db_backup?download= absolute path traversal to read arbitrary files.
- CVE-2019-11456Apr 22, 2019risk 0.00cvss —epss 0.00
Gila CMS 1.10.1 allows fm/save CSRF for executing arbitrary PHP code.