Gilacms: >> Gila Cms >> 1.11.8 Security Vulnerabilities
SQL Injection vulnerability discovered in Gila CMS 1.15.4 and earlier allows a remote attacker to execute arbitrary web scripts via the Area parameter under the Administration>Widget tab after the login portal.
CVSS Score
3.8
EPSS Score
0.003
Published
2024-01-02
A SQL injection vulnerability was discovered in Gila CMS 1.15.4 and earlier which allows a remote attacker to execute arbitrary web scripts via the ID parameter after the login portal.
CVSS Score
3.8
EPSS Score
0.003
Published
2024-01-02
A SQL injection vulnerability was discovered in Gila CMS 1.15.4 and earlier which allows a remote attacker to execute arbitrary web scripts via the 'user_id' parameter after the login portal.
CVSS Score
3.8
EPSS Score
0.003
Published
2024-01-02
Gila CMS 1.11.8 allows /admin/media?path=../ Path Traversal.
CVSS Score
6.8
EPSS Score
0.008
Published
2020-01-06
Gila CMS 1.11.8 allows /cm/delete?t=../ Directory Traversal.
CVSS Score
6.8
EPSS Score
0.026
Published
2020-01-06
Gila CMS 1.11.8 allows Unrestricted Upload of a File with a Dangerous Type via .phar or .phtml to the lzld/thumb?src= URI.
CVSS Score
9.1
EPSS Score
0.008
Published
2020-01-06
Gila CMS 1.11.8 allows /admin/sql?query= SQL Injection.
CVSS Score
7.2
EPSS Score
0.641
Published
2020-01-06