52 matches found
EUVD-2020-13477
Malware in sbrugna...
EUVD-2021-2068
Malware in sbrugna...
EUVD-2021-1992
Malware in sbrugna...
EUVD-2021-2080
Malware in sbrugna...
EUVD-2023-1685
Malicious code in bioql PyPI...
CVE-2020-20693
A Cross-Site Request Forgery (CSRF) in GilaCMS v1.11.4 allows authenticated attackers to arbitrarily add administrator accounts...
CVE-2020-20726
Cross Site Request Forgery vulnerability in Gila GilaCMS v.1.11.4 allows a remote attacker to execute arbitrary code via the cm/updaterows/user parameter...
CVE-2020-20696
A cross-site scripting (XSS) vulnerability in /admin/content/post of GilaCMS v1.11.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the Tags field...
CVE-2020-20695
A stored cross-site scripting (XSS) vulnerability in GilaCMS v1.11.4 allows attackers to execute arbitrary web scripts or HTML via a crafted SVG file...
CVE-2020-20692
GilaCMS v1.11.4 was discovered to contain a SQL injection vulnerability via the $GET parameter in /src/core/controllers/cm.php...
SQL Injection
gilacms/gila is vulnerable to SQL Injection. The vulnerability is due to the improper sanitization of the Area parameter within the AdministrationWidget tab, which allows an attacker to execute arbitrary web scripts which results in SQL injection...
SQL Injection
gilacms/gila is vulnerable to SQL Injection. The vulnerability is due to improper userid parameter sanitization within the login portal, which allows an attacker to execute arbitrary web scripts which results in SQL injection...
SQL Injection
gilacms/gila is vulnerable to SQL Injection. The vulnerability is due to improper ID parameter sanitization within login portal endpoint, which allows an attacker to execute arbitrary web scripts resulting in SQL injection...
GilaCMS 1.15.4 SQL Injection
Description: GilaCMS widget and use widget area filter to perform search Sample payload: http://targeturl/cm/listrows/widget?page=1&area=dashboard'%20UNION%20ALL%20SELECT%20NULL,NULL,NULL,NULL,@@version,NULL--%20 Attack Vector 2: After login into admin portal, go to edit...
GilaCMS 1.15.4 SQL Injection Vulnerability
Description: GilaCMS widget and use widget area filter to perform search Sample payload: http://targeturl/cm/listrows/widget?page=1&area=dashboard'%20UNION%20ALL%20SELECT%20NULL,NULL,NULL,NULL,@@version,NULL--%20 Attack Vector 2: After login into admin portal, go to edit...
GilaCMS Cross Site Request Forgery vulnerability
Cross Site Request Forgery vulnerability in Gila GilaCMS v.1.11.4 allows a remote attacker to execute arbitrary code via the cm/updaterows/user parameter...
GHSA-4CW3-RHQX-VQWR GilaCMS Cross Site Request Forgery vulnerability
Cross Site Request Forgery vulnerability in Gila GilaCMS v.1.11.4 allows a remote attacker to execute arbitrary code via the cm/updaterows/user parameter...
Cross site request forgery (csrf)
Cross Site Request Forgery vulnerability in Gila GilaCMS v.1.11.4 allows a remote attacker to execute arbitrary code via the cm/updaterows/user parameter...