216.73.216.133

CVE-2021-47900

· Published 27/01/2026 16:16 · Modified 27/01/2026 16:16

Labels: CVE-2021-47900 2026-01-27CVE-2021-47900CWE-98[email protected]

Essential information

Published
27/01/2026 16:16
Modified
27/01/2026 16:16
Author
Creator
CVSS
9.3 CRITICAL (v3) 9.3 CRITICAL (v4.0)
CISA KEV
No
CWE
CVSS vector

CVSS metrics

Description

Gila CMS versions prior to 2.0.0 contain a remote code execution vulnerability that allows unauthenticated attackers to execute arbitrary system commands through manipulated HTTP headers. Attackers can inject PHP code in the User-Agent header with shell_exec() to run system commands by sending crafted requests to the admin endpoint.

NVD status

Status
Received — CVE has been recently published to the CVE List and has been received by the NVD.
Source
[email protected]
NVD
View on NVD

Affected products (CPE)

ProductCPE
gila / gila cms cpe:2.3:a:gila:gila_cms:<2.0.0:*:*:*:*:*:*:*

References