CVE-2020-37110

Name of the Vulnerable Software and Affected Versions 60CycleCMS version 2.5.2

Description The software contains an SQL injection issue in the 'news.php' and 'common/lib.php' files. Attackers can manipulate database queries through unvalidated user input. Specifically, the 'title' parameter is vulnerable to malicious SQL code injection, potentially allowing attackers to extract or modify database contents. This issue does not involve cross-site scripting.

Recommendations Update to a newer version that contains a fix for this vulnerability. As a temporary workaround, sanitize all user-supplied input to the 'title' parameter before using it in database queries.