{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2025-7714","assignerOrgId":"ca940d4e-fea4-4aa2-9a58-591a58b1ce21","state":"PUBLISHED","assignerShortName":"TR-CERT","dateReserved":"2025-07-16T14:51:01.327Z","datePublished":"2026-01-29T14:44:12.460Z","dateUpdated":"2026-01-29T15:54:30.342Z"},"containers":{"cna":{"affected":[{"defaultStatus":"unaffected","product":"Content Management System (CMS)","vendor":"Global Interactive Design Media Software Inc.","versions":[{"lessThanOrEqual":"21072025","status":"affected","version":"0","versionType":"custom"}]}],"credits":[{"lang":"en","type":"finder","value":"Çetin BİNİCİ"}],"datePublic":"2026-01-29T14:40:00.000Z","descriptions":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Global Interactive Design Media Software Inc. Content Management System (CMS) allows Command Line Execution through SQL Injection.<p>This issue affects Content Management System (CMS): through 21072025.</p>"}],"value":"Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Global Interactive Design Media Software Inc. Content Management System (CMS) allows Command Line Execution through SQL Injection.This issue affects Content Management System (CMS): through 21072025."}],"impacts":[{"capecId":"CAPEC-108","descriptions":[{"lang":"en","value":"CAPEC-108 Command Line Execution through SQL Injection"}]}],"metrics":[{"cvssV3_1":{"attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"HIGH","baseScore":7.5,"baseSeverity":"HIGH","confidentialityImpact":"NONE","integrityImpact":"NONE","privilegesRequired":"NONE","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","version":"3.1"},"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}]}],"problemTypes":[{"descriptions":[{"cweId":"CWE-89","description":"CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')","lang":"en","type":"CWE"}]}],"providerMetadata":{"orgId":"ca940d4e-fea4-4aa2-9a58-591a58b1ce21","shortName":"TR-CERT","dateUpdated":"2026-01-29T14:44:12.460Z"},"references":[{"url":"https://www.usom.gov.tr/bildirim/tr-26-0008"}],"source":{"advisory":"TR-26-0008","defect":["TR-26-0008"],"discovery":"UNKNOWN"},"title":"Time Based SQLi in Global Medya's PHP CMS","x_generator":{"engine":"Vulnogram 0.5.0"}},"adp":[{"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2026-01-29T15:54:22.056330Z","id":"CVE-2025-7714","options":[{"Exploitation":"none"},{"Automatable":"yes"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2026-01-29T15:54:30.342Z"}}]}}