← Zuruck zu CVEs
CVE-2020-37076
HIGH8.2
Beschreibung
Victor CMS version 1.0 contains a SQL injection vulnerability in the 'post' parameter on post.php that allows remote attackers to manipulate database queries. Attackers can exploit this vulnerability by sending crafted UNION SELECT payloads to extract database information through boolean-based, error-based, and time-based injection techniques.
CVE Details
CVSS v3.1 Bewertung8.2
SchweregradHIGH
CVSS VektorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N
AngriffsvektorNETWORK
KomplexitatLOW
Erforderliche PrivilegienNONE
BenutzerinteraktionNONE
Veroffentlicht2/3/2026
Zuletzt geandert2/10/2026
Quellenvd
Honeypot-Sichtungen0
Betroffene Produkte
victor_cms_project:victor_cms
Schwachen (CWE)
CWE-89
Referenzen
https://github.com/VictorAlagwu/CMSsite(disclosure@vulncheck.com)
https://www.exploit-db.com/exploits/48451(disclosure@vulncheck.com)
https://www.vulncheck.com/advisories/victor-cms-post-sql-injection(disclosure@vulncheck.com)
IOC Korrelationen
Keine Korrelationen erfasst
This product uses data from the NVD API but is not endorsed or certified by the NVD.