Gila CMS is an open source content management system (CMS) based on PHP and MySQL. Gila CMS 1.15.4 and earlier versions contain a SQL injection vulnerability that stems from the application’s lack of validation of externally entered SQL statements. A remote attacker can exploit the vulnerability to execute arbitrary web scripts via the Area parameter under the Administration Widget tab after logging into the portal.
CPE | Name | Operator | Version |
---|---|---|---|
gila cms | gila cms | le | 1.15.4 |