Home / Vulnerability Intelligence / CVE-2018-25179

CVE-2018-25179 - Vulnerability Analysis

HighCVSS: 8.2

Last Updated: March 6, 2026

Gumbo CMS - SQL Injection

Published: March 6, 2026Updated: March 6, 2026Remote Exploitable

Overview

Gumbo CMS 0.99 contains an sql injection caused by unsanitized input in the language parameter at the settings endpoint, letting unauthenticated attackers execute arbitrary SQL queries and extract sensitive database information.

Severity & Score

Severity: High

CVSS Score: 8.2

Impact

Unauthenticated attackers can execute arbitrary SQL queries to extract sensitive database information, compromising data confidentiality and integrity.

Mitigation

Update Gumbo CMS to the latest version.

References

https://www.exploit-db.com/exploits/45837
https://www.vulncheck.com/advisories/gumbo-cms-sql-injection-via-settings-endpoint

Related Resources

Vulnerability Intelligence Dashboard
Credential Scanner

Details

CVE ID: CVE-2018-25179
Severity: High
CVSS Score: 8.2
Type: sql_injection
Status: new

CWE

CWE-89

CVSS Metrics

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N