Lucene search
K
Database
Vendors
Products
Timeline
Vulnerabilities
Perimeter Scanner
Scanning
Projects
Scanner
Agent Scanning
API Scanning
Manual Audit
Email
Webhook
Resources
Documents
Blog
Glossary
FAQ
Plugins
Pricing
Contacts
About Us
Partners
Branding Guideline
Settings
Sign in
GilacmsGila Cms

6 matches found

CVE
CVEadded 2019/09/21 8:15 p.m.227 views

CVE-2019-16679

Gila CMS before 1.11.1 allows admin/fm/?f=../ directory traversal, leading to Local File Inclusion.

4.9CVSS5AI score0.02479EPSS
CVE
CVEadded 2019/10/13 6:15 p.m.90 views

CVE-2019-17535

Gila CMS through 1.11.4 allows blog-list.php XSS, in both the gila-blog and gila-mag themes, via the search parameter, a related issue to CVE-2019-9647.

9.3CVSS6.1AI score0.01428EPSS
CVE
CVEadded 2019/10/13 6:15 p.m.86 views

CVE-2019-17536

Gila CMS through 1.11.4 allows Unrestricted Upload of a File with a Dangerous Type via the moveAction function in core/controllers/fm.php. The attacker needs to use admin/media_upload and fm/move.

9.9CVSS5.1AI score0.00425EPSS
CVE
CVEadded 2019/06/05 4:29 p.m.81 views

CVE-2019-9647

Gila CMS 1.9.1 has XSS.

6.1CVSS6.1AI score0.01428EPSS
CVE
CVEadded 2019/04/25 4:29 a.m.39 views

CVE-2019-11515

core/classes/db_backup.php in Gila CMS 1.10.1 allows admin/db_backup?download= absolute path traversal to read arbitrary files.

4.9CVSS5.1AI score0.00436EPSS
CVE
CVEadded 2019/04/22 4:29 p.m.36 views

CVE-2019-11456

Gila CMS 1.10.1 allows fm/save CSRF for executing arbitrary PHP code.

8.8CVSS8.8AI score0.00145EPSS