CVE Catalog

CVE-2020-26625

LowCVSS 3.8
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.66%

47th percentile — higher than 47% of all known CVEs

Summary

A SQL injection vulnerability was discovered in Gila CMS 1.15.4 and earlier in the 'user_id' parameter after login. It allows a remote attacker to execute arbitrary database queries.

Risk Assessment

An attacker can gain unauthorized access to data, modify or delete database content, leading to a breach of confidentiality and integrity of the system.

Recommendation

Immediately update Gila CMS to a version later than 1.15.4 that includes a fix for the SQL injection vulnerability.

Original NVD description (English source)

A SQL injection vulnerability was discovered in Gila CMS 1.15.4 and earlier which allows a remote attacker to execute arbitrary web scripts via the 'user_id' parameter after the login portal.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS