PT-2026-23691 · Gumbo Cms · Gumbo Cms

Published: 2026-03-06 · Updated: 2026-03-06 · CVE-2018-25179

CVSS v3.1: 8.2 (High)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N

Name of the Vulnerable Software and Affected Versions

Gumbo CMS version 0.99

Description

Gumbo CMS version 0.99 contains an SQL injection issue that allows unauthenticated attackers to execute arbitrary SQL queries. Attackers can send POST requests to the '/settings' endpoint with crafted SQL payloads in the language parameter to extract sensitive database information, including usernames, databases, and version details.

Recommendations

Update to a newer version that contains a fix for this vulnerability. As a temporary workaround, restrict access to the '/settings' endpoint. Avoid using the language parameter in POST requests to the '/settings' endpoint until the issue is resolved.
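
Until a fixed version is installed, the workaround can be enforced in front of the application by allow-listing the language value on POST requests to '/settings'. The following is an added example, not Gumbo CMS code; `check_request`, the locale pattern and the sample requests are assumptions made for illustration.

```python
import re
from urllib.parse import parse_qsl

# Assumption: legitimate language values are short locale codes such as
# "en" or "pt-BR". Adjust the pattern to the locales the site really offers.
LOCALE_RE = re.compile(r"[A-Za-z]{2,3}(?:[-_][A-Za-z]{2,4})?")
GUARDED_PATH = "/settings"
GUARDED_PARAM = "language"


def check_request(method, path, body):
    """Return (allowed, reason) for one request.

    body is the raw application/x-www-form-urlencoded payload as bytes.
    """
    clean_path = path.split("?", 1)[0].rstrip("/")
    if method.upper() != "POST" or clean_path != GUARDED_PATH:
        return True, "not a guarded request"
    try:
        text = body.decode("utf-8")
    except UnicodeDecodeError:
        return False, "body is not valid UTF-8"
    # parse_qsl percent-decodes, so the check sees the decoded value.
    pairs = parse_qsl(text, keep_blank_values=True)
    # Also catch array-style or padded keys (e.g. "language[]") that some
    # frameworks map onto the same parameter.
    hits = [(k, v) for k, v in pairs
            if k.strip().split("[", 1)[0] == GUARDED_PARAM]
    if len(hits) > 1:
        return False, "duplicate language parameter"
    for key, value in hits:
        if key != GUARDED_PARAM:
            return False, "non-canonical language key"
        if not LOCALE_RE.fullmatch(value):
            return False, "language is not a locale code"
    return True, "ok"


if __name__ == "__main__":
    # Constructed sample requests, not captured traffic.
    samples = [
        ("POST", "/settings", b"language=pt-BR&theme=dark"),
        ("POST", "/settings", b"language=en%27"),
        ("POST", "/settings/", b"language=en&language=de"),
    ]
    for method, path, body in samples:
        print(method, path, body, "->", check_request(method, path, body))
```

Rejected requests are also worth logging, since a non-locale value in this parameter is a useful signal of probing against the endpoint.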

Fix

SQL injection

Weakness Enumeration

Related Identifiers

CVE-2018-25179

Affected Products

Gumbo Cms