CVE-2020-26625

Name of the Vulnerable Software and Affected Versions Gila CMS versions 1.15.4 and earlier

Description A SQL injection issue was discovered that allows a remote attacker to execute arbitrary web scripts via the user id parameter after the login portal. This enables the attacker to potentially access or manipulate sensitive data.

Recommendations For Gila CMS versions 1.15.4 and earlier, as a temporary workaround, consider restricting access to the login portal or disabling the use of the user id parameter until a patch is available. Avoid using the user id parameter in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.