CVE-2020-37110

HIGH

60CycleCMS 2.5.2 - SQL Injection

Title source: llm

Description

60CycleCMS 2.5.2 contains an SQL injection vulnerability in news.php and common/lib.php that allows attackers to manipulate database queries through unvalidated user input. Attackers can exploit vulnerable query parameters like 'title' to inject malicious SQL code and potentially extract or modify database contents. This issue does not involve cross-site scripting.

Exploits (1)

exploitdb WRITEUP

by Unkn0wn · textwebappsphp

https://www.exploit-db.com/exploits/48177

View Code ZIP pw:eip

References (3)

[Exploit, Third Party Advisory] https://www.exploit-db.com/exploits/48177

[Various Sources] https://www.opensourcecms.com/60cyclecms

[Third Party Advisory] https://www.vulncheck.com/advisories/cyclecms-newsphp-sql-injection-vulnerability

Scores

CVSS v3 8.2

EPSS 0.0005

EPSS Percentile 14.5%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N

CISA SSVC

Vulnrichment

Exploitation poc

Automatable yes

Technical Impact partial

Details

CWE

CWE-89

Status published

Products (1)

opensourcecms/60cyclecms 2.5.2

Published Feb 03, 2026

Tracked Since Feb 18, 2026