CVE-2020-37076

High CVSS: 8.8

Victor CMS version 1.0 contains a SQL injection vulnerability in the 'post' parameter on post.php that allows remote attackers to manipulate database queries. Attackers can exploit this vulnerability by sending crafted UNION SELECT payloads to extract database information through boolean-based, error-based, and time-based injection techniques.

Vendor

Victor Cms Project

Product

Victor Cms

CWE

CWE-89

Yayın Tarihi

2026-02-03 22:16:23

Güncelleme

2026-02-10 14:53:04

Source Identifier

disclosure@vulncheck.com

KEV Date Added

Kategoriler

CWE-89 Victor Cms HIGH Victor Cms Project 2026

Referanslar

https://github.com/VictorAlagwu/CMSsite https://www.exploit-db.com/exploits/48451 https://www.vulncheck.com/advisories/victor-cms-post-sql-injection

Benzer Kayıtlar

Medium

CVE-2020-37072

Victor CMS 1.0 contains a stored cross-site scripting vulnerability in the 'comment_author' POST parameter that allows a…

High

CVE-2020-37073

Victor CMS 1.0 contains an authenticated file upload vulnerability that allows administrators to upload PHP files with a…

High

CVE-2020-36942

Victor CMS 1.0 contains a file upload vulnerability that allows authenticated users to upload malicious PHP files throug…