CVE-2020-37110 — HIGH (8.2)

Vulnerability Description

60CycleCMS 2.5.2 contains an SQL injection vulnerability in news.php and common/lib.php that allows attackers to manipulate database queries through unvalidated user input. Attackers can exploit vulnerable query parameters like 'title' to inject malicious SQL code and potentially extract or modify database contents. This issue does not involve cross-site scripting.

CVSS Score

8.2

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

LOW

Availability

NONE

Affected Products

Vendor	Product	Versions
Opensourcecms	60Cyclecms	2.5.2

Related Weaknesses (CWE)

CWE-89

References

https://www.exploit-db.com/exploits/48177ExploitThird Party AdvisoryVDB Entry
https://www.opensourcecms.com/60cyclecmsBroken Link
https://www.vulncheck.com/advisories/cyclecms-newsphp-sql-injection-vulnerabilitBroken Link

FAQ

What is CVE-2020-37110?

CVE-2020-37110 is a vulnerability with a CVSS score of 8.2 (HIGH). 60CycleCMS 2.5.2 contains an SQL injection vulnerability in news.php and common/lib.php that allows attackers to manipulate database queries through unvalidated user input. Attackers can exploit vulne...

How severe is CVE-2020-37110?

CVE-2020-37110 has been rated HIGH with a CVSS base score of 8.2/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2020-37110?

Check the references section above for vendor advisories and patch information. Affected products include: Opensourcecms 60Cyclecms.