CVE-2020-26623
Published 2024-01-02
Priority: P4 · 24 · low
CVSS 3.1: 3.8 (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N)
EPSS: 0.66% (47.0th percentile)
SQL Injection vulnerability discovered in Gila CMS 1.15.4 and earlier allows a remote attacker to execute arbitrary web scripts via the Area parameter under the Administration>Widget tab after the login portal.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| gilacms | gila | 0 – 1.15.4 | — |
| gilacms | gila_cms | <= 1.15.4 | — |
GHSA
Gila CMS SQL Injection
ghsa·2024-01-03
CVE-2020-26623 [MEDIUM] CWE-89 Gila CMS SQL Injection
OSV
Gila CMS SQL Injection
osv·2024-01-03
CVE-2020-26623 [MEDIUM] Gila CMS SQL Injection
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
References
http://gilacms.com
https://github.com/GilaCMS/gila
https://github.com/GilaCMS/gila/security/policy
https://packetstormsecurity.com/files/176301/GilaCMS-1.15.4-SQL-Injection.html