6 matches found
CVE-2021-47900 Gila CMS < 2.0.0 - Remote Code Execution
Gila CMS versions prior to 2.0.0 contain a remote code execution vulnerability that allows unauthenticated attackers to execute arbitrary system commands through manipulated HTTP headers. Attackers can inject PHP code in the User-Agent header with shellexec to run system commands by sending craft...
Gila CMS 跨站脚本漏洞
Gila CMS is an open source content management system CMS based on PHP and MySQL from Gila CMS. A cross-site scripting vulnerability exists in Gila CMS version 1.10.9, which stems from the parameter content in file /cm/updaterows/page?id=2 that can lead to a cross-site scripting attack...
Gila CMS 跨站脚本漏洞
Gila CMS is an open source content management system CMS based on PHP and MySQL. A cross-site scripting vulnerability exists in Gila CMS version 1.11.3, which stems from the lack of effective filtering and escaping of user-supplied data by the parameter admuser, and can be exploited by an attacke...
CVE-2020-28692
In Gila CMS 1.16.0, an attacker can upload a shell to tmp directy and abuse .htaccess through the logs function for executing PHP files...
Gila CMS Cross-Site Scripting Vulnerability (CNVD-2020-34658)
Gila CMS is an open source content management system CMS based on PHP and MySQL. A cross-site scripting vulnerability exists in Gila CMS versions prior to 1.11.6. The vulnerability stems from a lack of proper validation of client-side data by the WEB application. An attacker can exploit this...
CVE-2020-5515
Gila CMS 1.11.8 allows /admin/sql?query= SQL Injection...