CVE |
Vendors |
Products |
Updated |
CVSS |
CVE-2019-17535 |
1 Gilacms |
1 Gila Cms |
2019-10-16 |
4.3 |
Gila CMS through 1.11.4 allows blog-list.php XSS, in both the gila-blog and gila-mag themes, via the search parameter, a related issue to CVE-2019-9647. |
CVE-2019-16679 |
1 Gilacms |
1 Gila Cms |
2019-09-23 |
4.0 |
Gila CMS before 1.11.1 allows admin/fm/?f=../ directory traversal, leading to Local File Inclusion. |
CVE-2019-9647 |
1 Gilacms |
1 Gila Cms |
2019-06-06 |
4.3 |
Gila CMS 1.9.1 has XSS. |
CVE-2019-11515 |
1 Gilacms |
1 Gila Cms |
2019-04-27 |
4.0 |
core/classes/db_backup.php in Gila CMS 1.10.1 allows admin/db_backup?download= absolute path traversal to read arbitrary files. |
CVE-2019-11456 |
1 Gilacms |
1 Gila Cms |
2019-04-26 |
6.8 |
Gila CMS 1.10.1 allows fm/save CSRF for executing arbitrary PHP code. |