CVE-2020-36951

HIGH

Phpscript-sgh 0.1.0 - SQL Injection

Title source: llm

Description

Phpscript-sgh 0.1.0 contains a time-based blind SQL injection vulnerability in the admin interface that allows attackers to manipulate database queries through the 'id' parameter. Attackers can exploit this vulnerability by crafting malicious payloads that trigger time delays, enabling them to extract sensitive database information through conditional sleep techniques.

Exploits (1)

exploitdb WRITEUP

by KeopssGroup0day_Inc · textwebappsmultiple

https://www.exploit-db.com/exploits/49192

View Code ZIP pw:eip

References (3)

[Exploit, Third Party Advisory] https://www.exploit-db.com/exploits/49192

[Various Sources] https://github.com/geraked/phpscript-sgh

[Third Party Advisory] https://www.vulncheck.com/advisories/phpscript-sgh-time-based-blind-sql-injection

Scores

CVSS v3 8.2

EPSS 0.0005

EPSS Percentile 15.3%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N

CISA SSVC

Vulnrichment

Exploitation poc

Automatable yes

Technical Impact partial

Details

CWE

CWE-89

Status published

Products (1)

geraked/phpscript-sgh 0.1.0

Published Jan 27, 2026

Tracked Since Feb 18, 2026