Lucene search
China National Vulnerability DatabaseCNVD-2024-06240HistoryJan 08, 2024 - 12:00 a.m.
Gila CMS Area Parameter SQL Injection Vulnerability
2024-01-0800:00:00
China National Vulnerability Database
www.cnvd.org.cn
4
gila cms
sql injection
vulnerability
php
mysql
web scripts
remote attacker
administration widget
portal
content management system
Gila CMS is an open source content management system (CMS) based on PHP and MySQL. A SQL injection vulnerability exists in Gila CMS 1.15.4 and earlier versions, which stems from the application’s lack of validation of externally entered SQL statements. The vulnerability can be exploited by a remote attacker to execute arbitrary web scripts via the Area parameter under the Administration Widget tab after logging into the portal.
| CPE | Name | Operator | Version |
|---|---|---|---|
| gila cms gila cms | le | 1.15.4 |
Related
osv
osv
Gila CMS SQL Injection
2024-01-03 00:30:22
veracode
veracode
SQL Injection
2024-01-04 05:12:47
cvelist
cvelist
CVE-2020-26623
2024-01-02 00:00:00
cve
cve
CVE-2020-26623
2024-01-02 22:15:07
nvd
nvd
CVE-2020-26623
2024-01-02 22:15:07
prion
prion
Sql injection
2024-01-02 22:15:00
github
github
Gila CMS SQL Injection
2024-01-03 00:30:22
zdt
zdt
GilaCMS 1.15.4 SQL Injection Vulnerability
2023-12-22 00:00:00
packetstorm
packetstorm
GilaCMS 1.15.4 SQL Injection
2023-12-22 00:00:00