Gilacms Gila vulnerabilities
8 known vulnerabilities affecting gilacms/gila.
Total CVEs: 8
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: HIGH 2, MEDIUM 4, LOW 2
Vulnerabilities
CVE-2020-20726 | P3 | HIGH | ≥ 0, ≤ 1.11.4 | 2023-06-20
CVE-2020-20726 [HIGH] CWE-352 GilaCMS Cross Site Request Forgery vulnerability
Cross Site Request Forgery vulnerability in Gila GilaCMS v.1.11.4 allows a remote attacker to execute arbitrary code via the `cm/update_rows/user` parameter.
ghsa, osv
CVE-2020-20693 | P4 | HIGH | ≥ 0, ≤ 1.11.4 | 2021-09-30
CVE-2020-20693 [HIGH] CWE-352 Cross-Site Request Forgery in GilaCMS
A Cross-Site Request Forgery (CSRF) in GilaCMS v1.11.4 allows authenticated attackers to arbitrarily add administrator accounts.
ghsa, osv
CVE-2020-26625 | P4 | LOW | ≥ 0, ≤ 1.15.4 | 2024-01-03
CVE-2020-26625 [LOW] CWE-89 Gila CMS SQL Injection vulnerability
A SQL injection vulnerability was discovered in Gila CMS 1.15.4 and earlier which allows a remote attacker to execute arbitrary web scripts via the 'user_id' parameter after the login portal.
ghsa, osv
CVE-2020-26623 | P4 | MEDIUM | ≥ 0, ≤ 1.15.4 | 2024-01-03
CVE-2020-26623 [MEDIUM] CWE-89 Gila CMS SQL Injection
SQL Injection vulnerability discovered in Gila CMS 1.15.4 and earlier allows a remote attacker to execute arbitrary web scripts via the Area parameter under the Administration>Widget tab after the login portal.
ghsa, osv
CVE-2020-20523 | P4 | MEDIUM | ≥ 0, < 1.11.4 | 2023-08-11
CVE-2020-20523 [MEDIUM] CWE-79 Gila CMS Cross-site Scripting Vulnerability
Cross Site Scripting (XSS) vulnerability in the `adm_user` parameter in Gila CMS version 1.11.3 allows remote attackers to execute arbitrary code during the Gila CMS installation.
ghsa, osv
CVE-2020-26624 | P4 | LOW | ≥ 0, ≤ 1.15.4 | 2024-01-03
CVE-2020-26624 [LOW] CWE-89 Gila CMS SQL Injection vulnerability
A SQL injection vulnerability was discovered in Gila CMS 1.15.4 and earlier which allows a remote attacker to execute arbitrary web scripts via the ID parameter after the login portal.
ghsa, osv
CVE-2020-20695 | P4 | MEDIUM | ≥ 0, ≤ 1.11.4 | 2021-09-30
CVE-2020-20695 [MEDIUM] CWE-79 Cross-site Scripting in GilaCMS
A stored cross-site scripting (XSS) vulnerability in GilaCMS v1.11.4 allows attackers to execute arbitrary web scripts or HTML via a crafted SVG file.
ghsa, osv
CVE-2020-20696 | P4 | MEDIUM | ≥ 0, ≤ 1.11.4 | 2021-09-30
CVE-2020-20696 [MEDIUM] CWE-79 Cross-site Scripting in GilaCMS
A cross-site scripting (XSS) vulnerability in /admin/content/post of GilaCMS v1.11.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the Tags field.
ghsa, osv