Security Advisory

CVE-2021-47900

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2026-01-27 15:23:51

Last updated 2026-03-05 01:29:11

Assigner VulnCheck

State PUBLISHED

Description

Gila CMS versions prior to 2.0.0 contain a remote code execution vulnerability that allows unauthenticated attackers to execute arbitrary system commands through manipulated HTTP headers. Attackers can inject PHP code in the User-Agent header with shell_exec() to run system commands by sending crafted requests to the admin endpoint.

← Browse all CVEs View on cve.org ↗