Gila Cms@1.11.4 Security Vulnerabilities and Issues — Gila Cms@1.11.4 CVE List

Lucene search

GilacmsGila Cms1.11.4

5 matches found

CVE•added 2023/06/20 3:15 p.m.•42 views

CVE-2020-20726

Cross Site Request Forgery vulnerability in Gila GilaCMS v.1.11.4 allows a remote attacker to execute arbitrary code via the cm/update_rows/user parameter.

8.8CVSS8.9AI score0.00613EPSS

CVE•added 2021/09/27 10:15 p.m.•39 views

CVE-2020-20693

A Cross-Site Request Forgery (CSRF) in GilaCMS v1.11.4 allows authenticated attackers to arbitrarily add administrator accounts.

8.8CVSS8.6AI score0.00143EPSS

CVE•added 2021/09/27 10:15 p.m.•36 views

CVE-2020-20692

GilaCMS v1.11.4 was discovered to contain a SQL injection vulnerability via the $_GET parameter in /src/core/controllers/cm.php.

7.2CVSS7.2AI score0.00255EPSS

CVE•added 2021/09/27 10:15 p.m.•32 views

CVE-2020-20696

A cross-site scripting (XSS) vulnerability in /admin/content/post of GilaCMS v1.11.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the Tags field.

5.4CVSS5.2AI score0.00261EPSS

CVE•added 2021/09/27 10:15 p.m.•31 views

CVE-2020-20695

A stored cross-site scripting (XSS) vulnerability in GilaCMS v1.11.4 allows attackers to execute arbitrary web scripts or HTML via a crafted SVG file.

5.4CVSS5.2AI score0.00261EPSS