CVE-2020-26625
Published 2024-01-02
Priority P4 · 25 · low · 3.8 · CVSS 3.1
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N
EPSS: 0.66% (47.0th percentile)
A SQL injection vulnerability was discovered in Gila CMS 1.15.4 and earlier which allows a remote attacker to execute arbitrary web scripts via the 'user_id' parameter after the login portal.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| gilacms | gila | 0 – 1.15.4 | — |
| gilacms | gila_cms | <= 1.15.4 | — |
OSV
Gila CMS SQL Injection vulnerability
osv·2024-01-03
CVE-2020-26625 [LOW] Gila CMS SQL Injection vulnerability
A SQL injection vulnerability was discovered in Gila CMS 1.15.4 and earlier which allows a remote attacker to execute arbitrary web scripts via the 'user_id' parameter after the login portal.
GHSA
Gila CMS SQL Injection vulnerability
ghsa·2024-01-03
CVE-2020-26625 [LOW] CWE-89 Gila CMS SQL Injection vulnerability
A SQL injection vulnerability was discovered in Gila CMS 1.15.4 and earlier which allows a remote attacker to execute arbitrary web scripts via the 'user_id' parameter after the login portal.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
http://gilacms.com
https://github.com/GilaCMS/gila
https://github.com/GilaCMS/gila/security/policy
https://packetstormsecurity.com/files/176301/GilaCMS-1.15.4-SQL-Injection.html