Gila.CMS.sql.php.SQL.Injection
Description
This indicates an attack attempt to exploit an SQL Injection Vulnerability in Gila CMS.
The vulnerability is due to improper validation of user supplied input in requests to sql.php. A remote, authenticated attacker can exploit this vulnerability by sending an HTTP request with crafted HTTP parameters to the target server. Successful exploitation could result in the execution of arbitrary SQL commands against the database on the target server.
Affected Products
Gila CMS 1.11.8 and before
Impact
System Compromise: Remote attackers can add, view, delete or modify data in the database of the affected application
Recommended Actions
Apply the most recent upgrade or patch from the vendor.
https://github.com/GilaCMS/gila/releases/tag/1.11.11
Telemetry
Coverage
IPS (Regular DB) | |
IPS (Extended DB) |
Version Updates
Date | Version | Detail |
---|---|---|
2021-03-09 | 18.032 | |
2020-07-27 | 15.894 | Default_action:pass:drop |
2020-07-15 | 15.887 |