Skip to main content

Gila Cms

17 CVEs product

Monthly

CVE-2024-7657 MEDIUM This Month

A vulnerability classified as problematic was found in Gila CMS 1.10.9. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Gila Cms
NVD VulDB
CVSS 4.0
5.3
EPSS
0.6%
CVE-2020-26625 PHP LOW POC Monitor

A SQL injection vulnerability was discovered in Gila CMS 1.15.4 and earlier which allows a remote attacker to execute arbitrary web scripts via the 'user_id' parameter after the login portal. Rated low severity (CVSS 3.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Gila Cms
NVD GitHub VulDB
CVSS 3.1
3.8
EPSS
0.2%
CVE-2020-26624 PHP LOW POC Monitor

A SQL injection vulnerability was discovered in Gila CMS 1.15.4 and earlier which allows a remote attacker to execute arbitrary web scripts via the ID parameter after the login portal. Rated low severity (CVSS 3.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Gila Cms
NVD GitHub VulDB
CVSS 3.1
3.8
EPSS
0.3%
CVE-2020-26623 PHP LOW POC Monitor

SQL Injection vulnerability discovered in Gila CMS 1.15.4 and earlier allows a remote attacker to execute arbitrary web scripts via the Area parameter under the Administration>Widget tab after the. Rated low severity (CVSS 3.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Gila Cms
NVD GitHub VulDB
CVSS 3.1
3.8
EPSS
0.3%
CVE-2021-39486 MEDIUM POC This Month

A Stored XSS via Malicious File Upload exists in Gila CMS version 2.2.0. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE XSS File Upload Gila Cms
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2021-37777 HIGH POC This Week

Gila CMS 2.2.0 is vulnerable to Insecure Direct Object Reference (IDOR). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Authentication Bypass Gila Cms
NVD
CVSS 3.1
7.5
EPSS
1.6%
CVE-2020-28692 HIGH POC This Week

In Gila CMS 1.16.0, an attacker can upload a shell to tmp directy and abuse .htaccess through the logs function for executing PHP files. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload PHP Gila Cms
NVD GitHub
CVSS 3.1
7.2
EPSS
1.6%
CVE-2020-5513 MEDIUM POC THREAT This Month

Gila CMS 1.11.8 allows /cm/delete?t=../ Directory Traversal. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Gila Cms
NVD
CVSS 3.1
6.8
EPSS
25.8%
CVE-2020-5512 MEDIUM POC THREAT This Month

Gila CMS 1.11.8 allows /admin/media?path=../ Path Traversal. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Gila Cms
NVD
CVSS 3.1
6.8
EPSS
18.9%
CVE-2020-5515 HIGH POC THREAT This Week

Gila CMS 1.11.8 allows /admin/sql?query= SQL Injection. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Gila Cms
NVD Exploit-DB
CVSS 3.1
7.2
EPSS
26.5%
CVE-2020-5514 CRITICAL POC THREAT Act Now

Gila CMS 1.11.8 allows Unrestricted Upload of a File with a Dangerous Type via .phar or .phtml to the lzld/thumb?src= URI. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Gila Cms
NVD
CVSS 3.1
9.1
EPSS
44.1%
CVE-2019-17536 MEDIUM POC This Month

Gila CMS through 1.11.4 allows Unrestricted Upload of a File with a Dangerous Type via the moveAction function in core/controllers/fm.php. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP File Upload Gila Cms
NVD GitHub
CVSS 3.1
4.9
EPSS
2.3%
CVE-2019-17535 MEDIUM POC This Month

Gila CMS through 1.11.4 allows blog-list.php XSS, in both the gila-blog and gila-mag themes, via the search parameter, a related issue to CVE-2019-9647. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Gila Cms
NVD GitHub
CVSS 3.1
6.1
EPSS
2.0%
CVE-2019-16679 MEDIUM POC This Month

Gila CMS before 1.11.1 allows admin/fm/?f=../ directory traversal, leading to Local File Inclusion. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Gila Cms
NVD GitHub Exploit-DB
CVSS 3.1
4.9
EPSS
7.0%
CVE-2019-9647 MEDIUM POC This Month

Gila CMS 1.9.1 has XSS. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Gila Cms
NVD Exploit-DB
CVSS 3.0
6.1
EPSS
2.3%
CVE-2019-11515 MEDIUM POC This Month

core/classes/db_backup.php in Gila CMS 1.10.1 allows admin/db_backup?download= absolute path traversal to read arbitrary files. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP Path Traversal Gila Cms
NVD
CVSS 3.0
4.9
EPSS
2.1%
CVE-2019-11456 HIGH POC This Week

Gila CMS 1.10.1 allows fm/save CSRF for executing arbitrary PHP code. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP CSRF Gila Cms
NVD
CVSS 3.0
8.8
EPSS
0.9%
EPSS 1% CVSS 5.3
MEDIUM This Month

A vulnerability classified as problematic was found in Gila CMS 1.10.9. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Gila Cms
NVD VulDB
EPSS 0% CVSS 3.8
LOW POC Monitor

A SQL injection vulnerability was discovered in Gila CMS 1.15.4 and earlier which allows a remote attacker to execute arbitrary web scripts via the 'user_id' parameter after the login portal. Rated low severity (CVSS 3.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Gila Cms
NVD GitHub VulDB
EPSS 0% CVSS 3.8
LOW POC Monitor

A SQL injection vulnerability was discovered in Gila CMS 1.15.4 and earlier which allows a remote attacker to execute arbitrary web scripts via the ID parameter after the login portal. Rated low severity (CVSS 3.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Gila Cms
NVD GitHub VulDB
EPSS 0% CVSS 3.8
LOW POC Monitor

SQL Injection vulnerability discovered in Gila CMS 1.15.4 and earlier allows a remote attacker to execute arbitrary web scripts via the Area parameter under the Administration>Widget tab after the. Rated low severity (CVSS 3.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Gila Cms
NVD GitHub VulDB
EPSS 1% CVSS 5.4
MEDIUM POC This Month

A Stored XSS via Malicious File Upload exists in Gila CMS version 2.2.0. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE XSS File Upload +1
NVD
EPSS 2% CVSS 7.5
HIGH POC This Week

Gila CMS 2.2.0 is vulnerable to Insecure Direct Object Reference (IDOR). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Authentication Bypass Gila Cms
NVD
EPSS 2% CVSS 7.2
HIGH POC This Week

In Gila CMS 1.16.0, an attacker can upload a shell to tmp directy and abuse .htaccess through the logs function for executing PHP files. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload PHP Gila Cms
NVD GitHub
EPSS 26% CVSS 6.8
MEDIUM POC THREAT This Month

Gila CMS 1.11.8 allows /cm/delete?t=../ Directory Traversal. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Gila Cms
NVD
EPSS 19% CVSS 6.8
MEDIUM POC THREAT This Month

Gila CMS 1.11.8 allows /admin/media?path=../ Path Traversal. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Gila Cms
NVD
EPSS 27% CVSS 7.2
HIGH POC THREAT This Week

Gila CMS 1.11.8 allows /admin/sql?query= SQL Injection. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Gila Cms
NVD Exploit-DB
EPSS 44% CVSS 9.1
CRITICAL POC THREAT Act Now

Gila CMS 1.11.8 allows Unrestricted Upload of a File with a Dangerous Type via .phar or .phtml to the lzld/thumb?src= URI. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Gila Cms
NVD
EPSS 2% CVSS 4.9
MEDIUM POC This Month

Gila CMS through 1.11.4 allows Unrestricted Upload of a File with a Dangerous Type via the moveAction function in core/controllers/fm.php. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP File Upload Gila Cms
NVD GitHub
EPSS 2% CVSS 6.1
MEDIUM POC This Month

Gila CMS through 1.11.4 allows blog-list.php XSS, in both the gila-blog and gila-mag themes, via the search parameter, a related issue to CVE-2019-9647. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Gila Cms
NVD GitHub
EPSS 7% CVSS 4.9
MEDIUM POC This Month

Gila CMS before 1.11.1 allows admin/fm/?f=../ directory traversal, leading to Local File Inclusion. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Gila Cms
NVD GitHub Exploit-DB
EPSS 2% CVSS 6.1
MEDIUM POC This Month

Gila CMS 1.9.1 has XSS. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Gila Cms
NVD Exploit-DB
EPSS 2% CVSS 4.9
MEDIUM POC This Month

core/classes/db_backup.php in Gila CMS 1.10.1 allows admin/db_backup?download= absolute path traversal to read arbitrary files. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP Path Traversal Gila Cms
NVD
EPSS 1% CVSS 8.8
HIGH POC This Week

Gila CMS 1.10.1 allows fm/save CSRF for executing arbitrary PHP code. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP CSRF Gila Cms
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy