Latest gilacms gila cms Vulnerabilities

CVE-2020-26623
SQL Injection vulnerability discovered in Gila CMS 1.15.4 and earlier allows a remote attacker to execute arbitrary web scripts via the Area parameter under the Administration>Widget tab after the log...
composer/gilacms/gila<=1.15.4
Gilacms Gila Cms<=1.15.4
<=1.15.4
CVE-2020-26625
A SQL injection vulnerability was discovered in Gila CMS 1.15.4 and earlier which allows a remote attacker to execute arbitrary web scripts via the 'user_id' parameter after the login portal.
Gilacms Gila Cms<=1.15.4
CVE-2020-26624
A SQL injection vulnerability was discovered in Gila CMS 1.15.4 and earlier which allows a remote attacker to execute arbitrary web scripts via the ID parameter after the login portal.
<=1.15.4
CVE-2020-20523
Cross Site Scripting (XSS) vulnerability in adm_user parameter in Gila CMS version 1.11.3, allows remote attackers to execute arbitrary code during the Gila CMS installation.
Gilacms Gila Cms=1.11.3
composer/gilacms/gila<=1.11.3
CVE-2020-20726
Cross Site Request Forgery vulnerability in Gila GilaCMS v.1.11.4 allows a remote attacker to execute arbitrary code via the cm/update_rows/user parameter.
Gilacms Gila Cms=1.11.4
composer/gilacms/gila<=1.11.4
CVE-2021-37777
Gila CMS 2.2.0 is vulnerable to Insecure Direct Object Reference (IDOR). Thumbnails uploaded by one site owner are visible by another site owner just by knowing the other site name and fuzzing for pic...
Gilacms Gila Cms=2.2.0
CVE-2021-39486
A Stored XSS via Malicious File Upload exists in Gila CMS version 2.2.0. An attacker can use this to steal cookies, passwords or to run arbitrary code on a victim's browser.
Gilacms Gila Cms=2.2.0
CVE-2020-20696
A cross-site scripting (XSS) vulnerability in /admin/content/post of GilaCMS v1.11.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the Tags field.
Gilacms Gila Cms=1.11.4
CVE-2020-20693
A Cross-Site Request Forgery (CSRF) in GilaCMS v1.11.4 allows authenticated attackers to arbitrarily add administrator accounts.
Gilacms Gila Cms=1.11.4
CVE-2020-20695
A stored cross-site scripting (XSS) vulnerability in GilaCMS v1.11.4 allows attackers to execute arbitrary web scripts or HTML via a crafted SVG file.
Gilacms Gila Cms=1.11.4
CVE-2020-20692
GilaCMS v1.11.4 was discovered to contain a SQL injection vulnerability via the $_GET parameter in /src/core/controllers/cm.php.
Gilacms Gila Cms=1.11.4
CVE-2020-28692
In Gila CMS 1.16.0, an attacker can upload a shell to tmp directy and abuse .htaccess through the logs function for executing PHP files.
Gilacms Gila Cms=1.16.0
CVE-2019-20804
Gila CMS before 1.11.6 allows CSRF with resultant XSS via the admin/themes URI, leading to compromise of the admin account.
Gilacms Gila Cms<1.11.6
CVE-2019-20803
Gila CMS before 1.11.6 has reflected XSS via the admin/content/postcategory id parameter, which is mishandled for g_preview_theme.
Gilacms Gila Cms<1.11.6
CVE-2020-5513
Gila CMS 1.11.8 allows /cm/delete?t=../ Directory Traversal.
Gilacms Gila Cms=1.11.8
CVE-2020-5512
Gila CMS 1.11.8 allows /admin/media?path=../ Path Traversal.
Gilacms Gila Cms=1.11.8
CVE-2020-5514
Gila CMS 1.11.8 allows Unrestricted Upload of a File with a Dangerous Type via .phar or .phtml to the lzld/thumb?src= URI.
Gilacms Gila Cms=1.11.8
CVE-2020-5515
Gila CMS 1.11.8 allows /admin/sql?query= SQL Injection.
Gilacms Gila Cms=1.11.8
CVE-2019-17536
Gila CMS through 1.11.4 allows Unrestricted Upload of a File with a Dangerous Type via the moveAction function in core/controllers/fm.php. The attacker needs to use admin/media_upload and fm/move.
Gilacms Gila Cms<=1.11.4
CVE-2019-17535
Gila CMS through 1.11.4 allows blog-list.php XSS, in both the gila-blog and gila-mag themes, via the search parameter, a related issue to CVE-2019-9647.
Gilacms Gila Cms<=1.11.4
CVE-2019-16679
Gila CMS before 1.11.1 allows admin/fm/?f=../ directory traversal, leading to Local File Inclusion.
Gilacms Gila Cms<1.11.1
CVE-2019-11515
core/classes/db_backup.php in Gila CMS 1.10.1 allows admin/db_backup?download= absolute path traversal to read arbitrary files.
Gilacms Gila Cms=1.10.1
CVE-2019-11456
Gila CMS 1.10.1 allows fm/save CSRF for executing arbitrary PHP code.
Gilacms Gila Cms=1.10.1

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2024 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203