Gila Cms Security Vulnerabilities and Issues — Gila Cms CVE List

Lucene search

GilacmsGila Cms

3 matches found

CVE•added 2019/10/13 6:15 p.m.•90 views

CVE-2019-17535

Gila CMS through 1.11.4 allows blog-list.php XSS, in both the gila-blog and gila-mag themes, via the search parameter, a related issue to CVE-2019-9647.

9.3CVSS6.1AI score0.01428EPSS

CVE•added 2019/10/13 6:15 p.m.•86 views

CVE-2019-17536

Gila CMS through 1.11.4 allows Unrestricted Upload of a File with a Dangerous Type via the moveAction function in core/controllers/fm.php. The attacker needs to use admin/media_upload and fm/move.

9.9CVSS5.1AI score0.00425EPSS

CVE•added 2020/01/06 7:15 p.m.•71 views

CVE-2020-5514

Gila CMS 1.11.8 allows Unrestricted Upload of a File with a Dangerous Type via .phar or .phtml to the lzld/thumb?src= URI.

9.1CVSS9.1AI score0.00835EPSS