CVE Catalog
CVE-2020-26624
LowCVSS 3.8Exploitation Probability (EPSS)
Low risk0.66%
47th percentile — higher than 47% of all known CVEs
Summary
A SQL injection vulnerability was discovered in Gila CMS 1.15.4 and earlier, allowing a remote attacker to execute arbitrary SQL scripts via the ID parameter after login.
Risk Assessment
An attacker can gain unauthorized access to the database, steal or modify data, and potentially take control of the server.
Recommendation
Immediately update Gila CMS to a version newer than 1.15.4 and implement parameterized SQL queries in the application code.
Original NVD description (English source)
A SQL injection vulnerability was discovered in Gila CMS 1.15.4 and earlier which allows a remote attacker to execute arbitrary web scripts via the ID parameter after the login portal.

