CVE-2020-1937

HIGH

Apache Kylin 2.3.0-2.3.1 and 2.6.0-2.6.4 - SQL Injection via RESTful API Input

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2020-1937. PoCs published by shanika04.

AI-analyzed exploit summary The repository appears to be a partial or incomplete snapshot of Apache Kylin's source code, lacking any exploit PoC or offensive techniques. It includes standard test files and build scripts but no code demonstrating CVE-2020-1937.

Description

Kylin has some restful apis which will concatenate SQLs with the user input string, a user is likely to be able to run malicious database queries.

Exploits (1)

nomisec STUB
by shanika04 · poc
https://github.com/shanika04/apache_kylin

The repository appears to be a partial or incomplete snapshot of Apache Kylin's source code, lacking any exploit PoC or offensive techniques. It includes standard test files and build scripts but no code demonstrating CVE-2020-1937.

Classification
Stub 90%
Attack Type
Other
Complexity
Theoretical
Reliability
Theoretical
Target: Apache Kylin
No auth needed
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3

Scores

CVSS v3 8.8
EPSS 0.0267
EPSS Percentile 83.7%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-89
Status published
Products (3)
apache/kylin 3.0.0 (4 CPE variants)
apache/kylin 2.3.0 - 2.3.2
org.apache.kylin/kylin-server-base 0 - 2.6.5Maven
Published Feb 24, 2020
Tracked Since Feb 18, 2026