CVE Catalog
CVE-2020-26625
LowCVSS 3.8Exploitation Probability (EPSS)
Low risk0.66%
47th percentile — higher than 47% of all known CVEs
Summary
A SQL injection vulnerability was discovered in Gila CMS 1.15.4 and earlier in the 'user_id' parameter after login. It allows a remote attacker to execute arbitrary database queries.
Risk Assessment
An attacker can gain unauthorized access to data, modify or delete database content, leading to a breach of confidentiality and integrity of the system.
Recommendation
Immediately update Gila CMS to a version later than 1.15.4 that includes a fix for the SQL injection vulnerability.
Original NVD description (English source)
A SQL injection vulnerability was discovered in Gila CMS 1.15.4 and earlier which allows a remote attacker to execute arbitrary web scripts via the 'user_id' parameter after the login portal.

