Gila Cms Security Vulnerabilities and Issues — Gila Cms CVE List

Lucene search

GilacmsGila Cms

6 matches found

CVE•added 2021/09/27 10:15 p.m.•39 views

CVE-2020-20693

A Cross-Site Request Forgery (CSRF) in GilaCMS v1.11.4 allows authenticated attackers to arbitrarily add administrator accounts.

8.8CVSS8.6AI score0.00143EPSS

CVE•added 2021/09/27 10:15 p.m.•36 views

CVE-2020-20692

GilaCMS v1.11.4 was discovered to contain a SQL injection vulnerability via the $_GET parameter in /src/core/controllers/cm.php.

7.2CVSS7.2AI score0.00255EPSS

CVE•added 2021/10/04 2:15 p.m.•34 views

CVE-2021-37777

Gila CMS 2.2.0 is vulnerable to Insecure Direct Object Reference (IDOR). Thumbnails uploaded by one site owner are visible by another site owner just by knowing the other site name and fuzzing for picture names. This leads to sensitive information disclosure.

7.5CVSS7.2AI score0.0036EPSS

CVE•added 2021/10/04 2:15 p.m.•34 views

CVE-2021-39486

A Stored XSS via Malicious File Upload exists in Gila CMS version 2.2.0. An attacker can use this to steal cookies, passwords or to run arbitrary code on a victim's browser.

5.4CVSS5.4AI score0.00206EPSS

CVE•added 2021/09/27 10:15 p.m.•32 views

CVE-2020-20696

A cross-site scripting (XSS) vulnerability in /admin/content/post of GilaCMS v1.11.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the Tags field.

5.4CVSS5.2AI score0.00261EPSS

CVE•added 2021/09/27 10:15 p.m.•31 views

CVE-2020-20695

A stored cross-site scripting (XSS) vulnerability in GilaCMS v1.11.4 allows attackers to execute arbitrary web scripts or HTML via a crafted SVG file.

5.4CVSS5.2AI score0.00261EPSS