CVE-2020-26624: 
PHP vulnerability analysis and mitigation

A SQL injection vulnerability was discovered in Gila CMS 1.15.4 and earlier versions, which allows a remote attacker to execute arbitrary web scripts via the ID parameter after accessing the login portal (NVD, CVE).

The vulnerability is classified as a CWE-89 type, which refers to 'Improper Neutralization of Special Elements used in an SQL Command (SQL Injection)'. The CVSS v3.1 base score is 3.8 (LOW) with the following vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N. This indicates that while the vulnerability is network-accessible, it requires high privileges to exploit and has low impact on confidentiality and integrity (NVD).

The vulnerability can allow attackers to execute arbitrary web scripts through SQL injection, potentially leading to unauthorized access to database information and possible manipulation of data. The impact is somewhat limited due to the requirement of high privileges to exploit the vulnerability (NVD).

Users should upgrade to a version newer than Gila CMS 1.15.4. The project maintains a security policy for reporting vulnerabilities, and all versions can be upgraded to the latest version that includes security updates (Gila Security).