Skip to main content

Gila Cms CVE-2020-26624

LOW
SQL Injection (CWE-89)
2024-01-02 cve@mitre.org
3.8
CVSS 3.1 · NVD

Severity by source

NVD PRIMARY
3.8 LOW
AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
High
User Interaction
None
Scope
Unchanged
Confidentiality
Low
Integrity
Low
Availability
None

Lifecycle Timeline

3
Analysis Generated
Mar 28, 2026 - 19:33 vuln.today
PoC Detected
Jun 17, 2025 - 15:15 vuln.today
Public exploit code
CVE Published
Jan 02, 2024 - 22:15 nvd
LOW 3.8

DescriptionNVD

A SQL injection vulnerability was discovered in Gila CMS 1.15.4 and earlier which allows a remote attacker to execute arbitrary web scripts via the ID parameter after the login portal.

AnalysisAI

A SQL injection vulnerability was discovered in Gila CMS 1.15.4 and earlier which allows a remote attacker to execute arbitrary web scripts via the ID parameter after the login portal. Rated low severity (CVSS 3.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Technical ContextAI

This vulnerability is classified as SQL Injection (CWE-89), which allows attackers to execute arbitrary SQL commands against the database. A SQL injection vulnerability was discovered in Gila CMS 1.15.4 and earlier which allows a remote attacker to execute arbitrary web scripts via the ID parameter after the login portal. Affected products include: Gilacms Gila Cms.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Use parameterized queries/prepared statements. Never concatenate user input into SQL. Apply least-privilege database permissions.

CVE-2020-5514 CRITICAL POC
9.1 Jan 06

Gila CMS 1.11.8 allows Unrestricted Upload of a File with a Dangerous Type via .phar or .phtml to the lzld/thumb?src= UR

CVE-2019-11456 HIGH POC
8.8 Apr 22

Gila CMS 1.10.1 allows fm/save CSRF for executing arbitrary PHP code. Rated high severity (CVSS 8.8), this vulnerability

CVE-2021-37777 HIGH POC
7.5 Oct 04

Gila CMS 2.2.0 is vulnerable to Insecure Direct Object Reference (IDOR). Rated high severity (CVSS 7.5), this vulnerabil

CVE-2020-28692 HIGH POC
7.2 Nov 16

In Gila CMS 1.16.0, an attacker can upload a shell to tmp directy and abuse .htaccess through the logs function for exec

CVE-2020-5515 HIGH POC
7.2 Jan 06

Gila CMS 1.11.8 allows /admin/sql?query= SQL Injection. Rated high severity (CVSS 7.2), this vulnerability is remotely e

CVE-2020-5513 MEDIUM POC
6.8 Jan 06

Gila CMS 1.11.8 allows /cm/delete?t=../ Directory Traversal. Rated medium severity (CVSS 6.8), this vulnerability is rem

CVE-2020-5512 MEDIUM POC
6.8 Jan 06

Gila CMS 1.11.8 allows /admin/media?path=../ Path Traversal. Rated medium severity (CVSS 6.8), this vulnerability is rem

CVE-2019-17535 MEDIUM POC
6.1 Oct 13

Gila CMS through 1.11.4 allows blog-list.php XSS, in both the gila-blog and gila-mag themes, via the search parameter, a

CVE-2019-9647 MEDIUM POC
6.1 Jun 05

Gila CMS 1.9.1 has XSS. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication

CVE-2021-39486 MEDIUM POC
5.4 Oct 04

A Stored XSS via Malicious File Upload exists in Gila CMS version 2.2.0. Rated medium severity (CVSS 5.4), this vulnerab

CVE-2019-17536 MEDIUM POC
4.9 Oct 13

Gila CMS through 1.11.4 allows Unrestricted Upload of a File with a Dangerous Type via the moveAction function in core/c

CVE-2019-16679 MEDIUM POC
4.9 Sep 21

Gila CMS before 1.11.1 allows admin/fm/?f=../ directory traversal, leading to Local File Inclusion. Rated medium severit

Share

CVE-2020-26624 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy