Lucene search
HistoryJan 02, 2024 - 10:15 p.m.
CVE-2020-26624
cve-2020-26624
remote attacker
arbitrary web scripts
id parameter
login portal
3.8 Low
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N
5.3 Medium
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
50.7%
A SQL injection vulnerability was discovered in Gila CMS 1.15.4 and earlier which allows a remote attacker to execute arbitrary web scripts via the ID parameter after the login portal.
Affected configurations
Node
gilacmsgila_cmsRange≤1.15.4
Related
github
github
Gila CMS SQL Injection vulnerability
2024-01-03 00:30:22
veracode
veracode
SQL Injection
2024-01-04 04:50:09
cvelist
cvelist
CVE-2020-26624
2024-01-02 00:00:00
prion
prion
Sql injection
2024-01-02 22:15:00
cve
cve
CVE-2020-26624
2024-01-02 22:15:07
osv
osv
Gila CMS SQL Injection vulnerability
2024-01-03 00:30:22
zdt
zdt
GilaCMS 1.15.4 SQL Injection Vulnerability
2023-12-22 00:00:00
packetstorm
packetstorm
GilaCMS 1.15.4 SQL Injection
2023-12-22 00:00:00
3.8 Low
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N
5.3 Medium
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
50.7%
Related for NVD:CVE-2020-26624