


Perceptive Security
SOC/SIEM Consultancy

60CycleCMS 2.5.2 contains an SQL injection vulnerability in news.php and common/lib.php that allows attackers to manipulate database queries through unvalidated…
Published:
2 February 2026 at 23:00:00
Alert date:
3 February 2026 at 19:04:17
Source:
nvd.nist.gov
Web Technologies, Database & Storage
CVE-2020-37110 is an SQL injection vulnerability in the news.php and common/lib.php files of 60CycleCMS version 2.5.2. Unvalidated user input, specifically the 'title' parameter, reaches database queries and lets attackers manipulate them. Successful exploitation enables attackers to inject malicious SQL code and potentially extract or modify database contents. This is a database manipulation vulnerability that does not involve cross-site scripting. Exploit code is publicly available, and the vulnerability poses significant risk to affected CMS installations.
Technical details
Affected products:
60CycleCMS
Related links:
https://nvd.nist.gov/vuln/detail/CVE-2020-37110
https://www.exploit-db.com/exploits/48177
https://www.opensourcecms.com/60cyclecms
https://www.vulncheck.com/advisories/cyclecms-newsphp-sql-injection-vulnerability
This article was created with the assistance of AI technology by Perceptive.
