CVE-2020-26624: Gila CMS SQL Injection vulnerability

CVSS Score: 3.8 (CVSS v3.1)

Basic Information

EPSS Score: 0.49264%
Published: 1/3/2024
Updated: 1/9/2024
KEV Status: No
Technology: PHP

Technical Details

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N

Package Name: gilacms/gila
Ecosystem: composer
Vulnerable Versions: <= 1.15.4
First Patched Version: (none listed)

Vulnerability Intelligence

Root Cause Analysis (Miggo AI)

The available information indicates a SQL injection vulnerability in the ID parameter, reachable after authentication, but no specific code snippets, file paths, or function names are disclosed in the available resources. The GitHub repository's security policy and advisory do not contain technical details about the vulnerable implementation. The vulnerability pattern suggests that the ID parameter is used in SQL query construction without proper input sanitization, but without commit diffs, patch details, or concrete code examples the specific vulnerable functions cannot be identified with confidence. The PHP-based CMS likely contains vulnerable SQL query-building logic in authentication-related controllers or models, but there is insufficient technical evidence to pinpoint exact functions.

WAF Protection Rules

WAF Rule

A SQL injection vulnerability was discovered in Gila CMS 1.15.4 and earlier which allows a remote attacker to execute arbitrary web scripts via the ID parameter after the login portal.
