8.8
Gumbo CMS allows attackers to steal database secrets
CVE-2018-25179
Summary
Gumbo CMS is missing a security check on the language parameter (an SQL injection flaw), allowing unauthenticated attackers to access sensitive information such as usernames, database names, and software versions. This could allow attackers to gain more control over your website. Update Gumbo CMS to the latest version to fix this issue.
Original title
Gumbo CMS 0.99 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the language parameter. Attackers c...
Original description
Gumbo CMS 0.99 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the language parameter. Attackers can send POST requests to the settings endpoint with crafted SQL payloads in the language parameter to extract sensitive database information including usernames, databases, and version details.
NVD CVSS 3.1
8.2
NVD CVSS 4.0
8.8
Vulnerability type
CWE-89
SQL Injection
Published: 6 Mar 2026 · Updated: 12 Mar 2026 · First seen: 6 Mar 2026