Filtered by vendor Gilacms
Filtered by product Gila Cms
Total: 25 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 | Description |
---|---|---|---|---|---|
CVE-2020-5514 | 1 Gilacms | 1 Gila Cms | 2024-08-04 | 9.1 Critical | Gila CMS 1.11.8 allows Unrestricted Upload of a File with a Dangerous Type via .phar or .phtml to the lzld/thumb?src= URI. |
CVE-2020-5513 | 1 Gilacms | 1 Gila Cms | 2024-08-04 | 6.8 Medium | Gila CMS 1.11.8 allows /cm/delete?t=../ Directory Traversal. |
CVE-2020-5515 | 1 Gilacms | 1 Gila Cms | 2024-08-04 | 7.2 High | Gila CMS 1.11.8 allows /admin/sql?query= SQL Injection. |
CVE-2021-39486 | 1 Gilacms | 1 Gila Cms | 2024-08-04 | 5.4 Medium | A Stored XSS via Malicious File Upload exists in Gila CMS version 2.2.0. An attacker can use this to steal cookies, passwords or to run arbitrary code on a victim's browser. |
CVE-2021-37777 | 1 Gilacms | 1 Gila Cms | 2024-08-04 | 7.5 High | Gila CMS 2.2.0 is vulnerable to Insecure Direct Object Reference (IDOR). Thumbnails uploaded by one site owner are visible by another site owner just by knowing the other site name and fuzzing for picture names. This leads to sensitive information disclosure. |