Filtered by vendor Gilacms
Total 25 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2020-5514 1 Gilacms 1 Gila Cms 2024-08-04 9.1 Critical
Gila CMS 1.11.8 allows Unrestricted Upload of a File with a Dangerous Type via .phar or .phtml to the lzld/thumb?src= URI.
CVE-2020-5513 1 Gilacms 1 Gila Cms 2024-08-04 6.8 Medium
Gila CMS 1.11.8 allows /cm/delete?t=../ Directory Traversal.
CVE-2020-5515 1 Gilacms 1 Gila Cms 2024-08-04 7.2 High
Gila CMS 1.11.8 allows /admin/sql?query= SQL Injection.
CVE-2021-39486 1 Gilacms 1 Gila Cms 2024-08-04 5.4 Medium
A Stored XSS via Malicious File Upload exists in Gila CMS version 2.2.0. An attacker can use this to steal cookies, passwords or to run arbitrary code on a victim's browser.
CVE-2021-37777 1 Gilacms 1 Gila Cms 2024-08-04 7.5 High
Gila CMS 2.2.0 is vulnerable to Insecure Direct Object Reference (IDOR). Thumbnails uploaded by one site owner are visible by another site owner just by knowing the other site name and fuzzing for picture names. This leads to sensitive information disclosure.