CVE-2020-5515
Published 2020-01-06
CVE-2020-5515: Gila CMS 1.11.8 allows /admin/sql?query= SQL Injection.
Priority P3 57 · CVSS 3.1 7.2 High · AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Exploit: available · EPSS: 26.55% (97.8th percentile)
Affected (1 range)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| gilacms | gila_cms | — | — |
Detection & IOCs (extracted from sources)
- Detect SQL injection attempts targeting the /admin/sql endpoint with a 'query' parameter containing 'INTO OUTFILE', a classic MySQL file-write payload used to drop a webshell.
- Monitor for HTTP GET requests to /admin/sql?query= containing SQL keywords such as SELECT, INTO OUTFILE, and LINES TERMINATED BY, which are characteristic of this exploit chain.
- Alert on the presence of the hex-encoded PHP webshell payload (0x3c3f706870...) in HTTP request parameters; this decodes to a <?php system($_REQUEST['cmd']); ?> shell.
- Detect follow-on webshell access by monitoring for GET requests to /webshell.php with a 'cmd' query parameter, indicating successful exploitation and remote code execution.
- Flag requests carrying both the PHPSESSID and GSESSIONID cookies with the exact exploit-tool values as a high-confidence indicator of this specific exploit script being used.
- Caveat: the hardcoded PHPSESSID and GSESSIONID cookie values in the exploit script are specific to the proof-of-concept tool; real-world attackers will use valid session cookies obtained after authenticating to the target CMS, so cookie-based detection alone is insufficient.
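As an added example (not code from the page's sources or from the Gila CMS project), the following Python detector applies the first four bullets above to access-log lines in combined log format. The sample log lines, the tag names and the truncated placeholder payload are constructed assumptions; note that a plain SELECT against /admin/sql is normal admin-console use, so it is tagged separately from the file-write pattern.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample access-log lines (combined log format); not real traffic.
# The hex prefix is the "<?php" marker quoted on the page, payload truncated.
SAMPLE_LOG = """\
10.0.0.5 - - [06/Jan/2020:10:00:01 +0000] "GET /admin/sql?query=SELECT+1 HTTP/1.1" 200 512
10.0.0.5 - - [06/Jan/2020:10:00:02 +0000] "GET /admin/sql?query=SELECT+0x3c3f706870...+INTO+OUTFILE+%27...%27+LINES+TERMINATED+BY+%27%27 HTTP/1.1" 200 120
10.0.0.5 - - [06/Jan/2020:10:00:03 +0000] "GET /webshell.php?cmd=id HTTP/1.1" 200 64
10.0.0.9 - - [06/Jan/2020:10:00:04 +0000] "GET /index.php?p=about HTTP/1.1" 200 2048
"""

# Minimal combined-log-format parser: client IP, timestamp, method, target, status.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)
FILE_WRITE_KEYWORDS = ("INTO OUTFILE", "LINES TERMINATED BY")
PHP_HEX_PREFIX = "0x3c3f706870"  # hex encoding of "<?php"


def classify(line):
    """Return alert tags for one access-log line, or [] when nothing matches."""
    m = LOG_RE.match(line)
    if not m:
        return []
    url = urlsplit(m.group("target"))
    params = parse_qs(url.query, keep_blank_values=True)  # percent-decodes values
    tags = []
    if url.path == "/admin/sql" and "query" in params:
        query = " ".join(params["query"])
        upper = query.upper()
        if any(k in upper for k in FILE_WRITE_KEYWORDS):
            tags.append("gila-sqli-file-write")   # high: file-write primitive
        elif "SELECT" in upper:
            tags.append("gila-sqli-query")        # low: admin console usage
        if PHP_HEX_PREFIX in query.lower():
            tags.append("hex-php-payload")        # hex-encoded PHP in parameter
    if url.path == "/webshell.php" and "cmd" in params:
        tags.append("webshell-access")            # follow-on RCE indicator
    return tags


def scan(log_text):
    """Classify every line; return (client_ip, tags) for lines that produced tags."""
    hits = []
    for line in log_text.splitlines():
        tags = classify(line)
        if tags:
            hits.append((LOG_RE.match(line).group("ip"), tags))
    return hits
```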
CVSS provenance

| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| NVD | 3.1 | 7.2 | HIGH | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H |
| NVD | 2.0 | 6.5 | MEDIUM | AV:N/AC:L/Au:S/C:P/I:P/A:P |
No detection rules found.
No writeups or analysis indexed.
References:
- http://packetstormsecurity.com/files/158114/Gila-CMS-1.11.8-SQL-Injection.html
- http://packetstormsecurity.com/files/158140/Gila-CMS-1.1.18.1-SQL-Injection-Shell-Upload.html
- https://infosecdb.wordpress.com/2020/01/05/gilacms-1-11-8-admin-sqlquery-sql-injection/