Unrated severityNVD Advisory· Published Feb 3, 2026· Updated Mar 5, 2026

60CycleCMS 2.5.2 - 'news.php' SQL Injection Vulnerability

CVE-2020-37110

Description

60CycleCMS 2.5.2 contains an SQL injection vulnerability in news.php and common/lib.php that allows attackers to manipulate database queries through unvalidated user input. Attackers can exploit vulnerable query parameters like 'title' to inject malicious SQL code and potentially extract or modify database contents. This issue does not involve cross-site scripting.

Affected products

60cyclecms Project/60cyclecmsllm-fuzzy
Range: =2.5.2
Davidvg/60CycleCMSv5
Range: 2.5.2

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.exploit-db.com/exploits/48177mitreexploit
www.vulncheck.com/advisories/cyclecms-newsphp-sql-injection-vulnerabilitymitrethird-party-advisory
www.opensourcecms.com/60cyclecmsmitreproduct

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000