CVE-2020-5515
06.01.2020, 19:15

Gila CMS 1.11.8 allows /admin/sql?query= SQL Injection.

SQL Injection
Enginsight

Severity: HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Atk. Vector: NETWORK
Atk. Complexity: LOW
Priv. Required: HIGH
Base Score: CVSS 3.x
EPSS Score: Percentile: 83%

Vendor    Product    Version
gilacms   gila_cms   1.11.8
𝑥 = Vulnerable software versions

Known Exploits!
http://packetstormsecurity.com/files/158114/Gila-CMS-1.11.8-SQL-Injection.html
http://packetstormsecurity.com/files/158140/Gila-CMS-1.1.18.1-SQL-Injection-Shell-Upload.html
https://infosecdb.wordpress.com/2020/01/05/gilacms-1-11-8-admin-sqlquery-sql-injection/

Common Weakness Enumeration
CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
The software constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.

References
http://packetstormsecurity.com/files/158114/Gila-CMS-1.11.8-SQL-Injection.html
http://packetstormsecurity.com/files/158140/Gila-CMS-1.1.18.1-SQL-Injection-Shell-Upload.html
https://infosecdb.wordpress.com/2020/01/05/gilacms-1-11-8-admin-sqlquery-sql-injection/