{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2025-7714","assignerOrgId":"ca940d4e-fea4-4aa2-9a58-591a58b1ce21","state":"PUBLISHED","assignerShortName":"TR-CERT","dateReserved":"2025-07-16T14:51:01.327Z","datePublished":"2026-01-29T14:44:12.460Z","dateUpdated":"2026-06-05T13:38:20.848Z"},"containers":{"cna":{"providerMetadata":{"orgId":"ca940d4e-fea4-4aa2-9a58-591a58b1ce21","shortName":"TR-CERT","dateUpdated":"2026-06-05T13:38:20.848Z"},"title":"Time Based SQLi in Global Medya's PHP CMS","datePublic":"2026-01-29T14:40:00.000Z","problemTypes":[{"descriptions":[{"lang":"en","cweId":"CWE-89","description":"CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')","type":"CWE"}]}],"impacts":[{"capecId":"CAPEC-108","descriptions":[{"lang":"en","value":"CAPEC-108 Command Line Execution through SQL Injection"}]}],"affected":[{"vendor":"Global Interactive Design Media Software Inc.","product":"Content Management System (CMS)","versions":[{"status":"affected","version":"0","lessThanOrEqual":"21072025","versionType":"custom"}],"defaultStatus":"unaffected"}],"descriptions":[{"lang":"en","value":"Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Global Interactive Design Media Software Inc. Content Management System (CMS) allows Command Line Execution through SQL Injection.\n\nThis issue affects Content Management System (CMS): through 21072025.","supportingMedia":[{"type":"text/html","base64":false,"value":"Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Global Interactive Design Media Software Inc. Content Management System (CMS) allows Command Line Execution through SQL Injection.<p>This issue affects Content Management System (CMS): through 21072025.</p>"}]}],"references":[{"url":"https://www.usom.gov.tr/bildirim/tr-26-0008","tags":["government-resource","broken-link"]},{"url":"https://siberguvenlik.gov.tr/guvenlik-bildirimleri/detay/tr-26-0008","tags":["government-resource"]}],"metrics":[{"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}],"cvssV3_1":{"version":"3.1","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH","baseSeverity":"HIGH","baseScore":7.5,"vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}}],"credits":[{"lang":"en","value":"Çetin BİNİCİ","type":"finder"}],"source":{"defect":["TR-26-0008"],"advisory":"TR-26-0008","discovery":"UNKNOWN"},"x_generator":{"engine":"Vulnogram 0.5.0"}},"adp":[{"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2026-01-29T15:54:22.056330Z","id":"CVE-2025-7714","options":[{"Exploitation":"none"},{"Automatable":"yes"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2026-01-29T15:54:30.342Z"}}]}}