CVE-2020-26624

CVSS 3.1 Score 3.8 of 10 (low)

Details

Published Jan 2, 2024

Updated: Jan 9, 2024

CWE ID 89

Summary

CVE-2020-26624 is a SQL injection vulnerability affecting Gila CMS versions 1.15.4 and older. An attacker can exploit this issue by inputting malicious SQL code through the ID parameter in the login portal, granting unauthorized access and enabling the execution of arbitrary web scripts. This vulnerability poses a significant risk to websites using the affected CMS version and requires immediate patching to prevent potential data breaches or unauthorized access.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Gilacms Gila Cms

Affected Vendors

Gilacms

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/t5EH8W
https://www.cve.org/CVERecord?id=CVE-2020-26624
https://nvd.nist.gov/vuln/detail/CVE-2020-26624

Back to Vulnerability Database