CVE-2020-26623

Name of the Vulnerable Software and Affected Versions Gila CMS versions 1.15.4 and earlier

Description A SQL Injection issue allows a remote attacker to execute arbitrary web scripts via the Area parameter under the Administration>Widget tab after the login portal. This enables the attacker to potentially access and manipulate sensitive data.

Recommendations For Gila CMS versions 1.15.4 and earlier, as a temporary workaround, consider restricting access to the Administration>Widget tab and the Area parameter until a patch is available. Avoid using the Area parameter in the affected tab to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.