CVE-2020-26625

CVSS 3.8 LOWEPSS 0.7%CWE-89

A SQL injection vulnerability was discovered in Gila CMS 1.15.4 and earlier which allows a remote attacker to execute arbitrary web scripts via the 'user_id' parameter after the login portal.

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N

Productos afectados

n/a · n/a

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →

Referencias

http://gilacms.com https://github.com/GilaCMS/gila https://github.com/GilaCMS/gila/security/policy https://packetstormsecurity.com/files/176301/GilaCMS-1.15.4-SQL-Injection.html