Gila Cms Security Vulnerabilities and Issues — Gila Cms CVE List

Lucene search

GilacmsGila Cms

4 matches found

CVE•added 2020/01/06 7:15 p.m.•138 views

CVE-2020-5515

Gila CMS 1.11.8 allows /admin/sql?query= SQL Injection.

7.2CVSS7.3AI score0.64085EPSS

Web

CVE•added 2021/09/27 10:15 p.m.•37 views

CVE-2020-20692

GilaCMS v1.11.4 was discovered to contain a SQL injection vulnerability via the $_GET parameter in /src/core/controllers/cm.php.

7.2CVSS7.2AI score0.00255EPSS

CVE•added 2021/10/04 2:15 p.m.•34 views

CVE-2021-37777

Gila CMS 2.2.0 is vulnerable to Insecure Direct Object Reference (IDOR). Thumbnails uploaded by one site owner are visible by another site owner just by knowing the other site name and fuzzing for picture names. This leads to sensitive information disclosure.

7.5CVSS7.2AI score0.0036EPSS

CVE•added 2020/11/16 6:15 p.m.•33 views

CVE-2020-28692

In Gila CMS 1.16.0, an attacker can upload a shell to tmp directy and abuse .htaccess through the logs function for executing PHP files.

7.2CVSS7AI score0.00451EPSS