CVE-2020-37110

Unknown Unknown - Not Provided

SQL Injection in 60CycleCMS 2.5.2 Enables Database Manipulation

Publication date: 2026-02-03

Last updated on: 2026-02-18

Assigner: VulnCheck

Description

60CycleCMS 2.5.2 contains an SQL injection vulnerability in news.php and common/lib.php that allows attackers to manipulate database queries through unvalidated user input. Attackers can exploit vulnerable query parameters like 'title' to inject malicious SQL code and potentially extract or modify database contents. This issue does not involve cross-site scripting.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published

2026-02-03

Last Modified

2026-02-18

Generated

2026-06-16

AI Q&A

2026-02-04

EPSS Evaluated

2026-06-14

NVD

CVE-2020-37110

Affected Vendors & Products

Vendor	Product	Version / Range
opensourcecms	60cyclecms	2.5.2

Helpful Resources

Exploitability

CWE

KEV

CWE ID	Description
CWE-89	The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.

CWE ID

Description

CWE-89

The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.

Attack-Flow Graph

Executive Summary

CVE-2020-37110 is an SQL injection vulnerability found in 60CycleCMS version 2.5.2. It exists in the files news.php and common/lib.php, where user input is not properly validated before being used in database queries. Attackers can exploit this by injecting malicious SQL code through parameters such as 'title', allowing them to manipulate the database.

Impact Analysis

This vulnerability can allow attackers to extract or modify the contents of the database. Because the attacker can manipulate database queries, they might gain unauthorized access to sensitive data or alter data integrity. The CVSS score indicates a high impact on confidentiality and a lower impact on integrity, with no impact on availability.

Compliance Impact

I don't know

Detection Guidance

I don't know

Mitigation Strategies

I don't know

Hi! I’m here to help you understand CVE-2020-37110. Ask me anything about the vulnerability, its impact, or mitigation strategies.

0/70

CVE-2020-37110

SQL Injection in 60CycleCMS 2.5.2 Enables Database Manipulation

Description

CVSS Scores

EPSS Scores

Meta Information

Affected Vendors & Products

Helpful Resources

Exploitability

Attack-Flow Graph

AI Quick Actions

Chat Assistant

EPSS Chart