CVE Catalog

CVE-2020-26624

LowCVSS 3.8
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.66%

47th percentile — higher than 47% of all known CVEs

Summary

A SQL injection vulnerability was discovered in Gila CMS 1.15.4 and earlier, allowing a remote attacker to execute arbitrary SQL scripts via the ID parameter after login.

Risk Assessment

An attacker can gain unauthorized access to the database, steal or modify data, and potentially take control of the server.

Recommendation

Immediately update Gila CMS to a version newer than 1.15.4 and implement parameterized SQL queries in the application code.

Original NVD description (English source)

A SQL injection vulnerability was discovered in Gila CMS 1.15.4 and earlier which allows a remote attacker to execute arbitrary web scripts via the ID parameter after the login portal.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS