CVE-2021-47900

Name of the Vulnerable Software and Affected Versions Gila CMS versions prior to 2.0.0

Description Gila CMS is affected by a remote code execution issue that allows unauthenticated attackers to execute arbitrary system commands. This is achieved by manipulating HTTP headers, specifically injecting PHP code into the User-Agent header. The shell exec() function is used to run system commands by sending crafted requests to the admin endpoint. The API endpoint ''/admin'' is vulnerable. The vulnerable parameter is the User-Agent header.

Recommendations Update Gila CMS to version 2.0.0 or later.