CVE Catalog

CVE-2020-26623

LowCVSS 3.8
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.66%

47th percentile — higher than 47% of all known CVEs

Summary

A SQL injection vulnerability was discovered in Gila CMS version 1.15.4 and earlier. It allows a remote attacker to execute arbitrary web scripts via the Area parameter under the Administration>Widget tab after login.

Risk Assessment

An attacker can gain unauthorized access to the database, steal or modify data, and potentially take over the CMS system.

Recommendation

Immediately update Gila CMS to the latest available version that includes a fix for the SQL injection vulnerability.

Original NVD description (English source)

SQL Injection vulnerability discovered in Gila CMS 1.15.4 and earlier allows a remote attacker to execute arbitrary web scripts via the Area parameter under the Administration>Widget tab after the login portal.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS