CVE-2020-36951

HIGH

Phpscript-sgh 0.1.0 - SQL Injection

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2020-36951. PoCs published by KeopssGroup0day_Inc.

AI-analyzed exploit summary This is a writeup detailing a time-based blind SQL injection vulnerability in Phpscript-sgh 0.1.0. It includes payload examples for exploiting the vulnerability via the 'id' parameter in the admin interface.

Description

Phpscript-sgh 0.1.0 contains a time-based blind SQL injection vulnerability in the admin interface that allows attackers to manipulate database queries through the 'id' parameter. Attackers can exploit this vulnerability by crafting malicious payloads that trigger time delays, enabling them to extract sensitive database information through conditional sleep techniques.

Exploits (1)

exploitdb WRITEUP
by KeopssGroup0day_Inc · textwebappsmultiple
https://www.exploit-db.com/exploits/49192

This is a writeup detailing a time-based blind SQL injection vulnerability in Phpscript-sgh 0.1.0. It includes payload examples for exploiting the vulnerability via the 'id' parameter in the admin interface.

Classification
Writeup 90%
Attack Type
Sqli
Complexity
Moderate
Reliability
Reliable
Target: Phpscript-sgh 0.1.0
Auth required
Prerequisites: Access to the admin interface · Valid session or authentication credentials
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3

Scores

CVSS v3 8.2
EPSS 0.0030
EPSS Percentile 21.2%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N

CISA SSVC

Vulnrichment
Exploitation poc
Automatable yes
Technical Impact partial

Details

CWE
CWE-89
Status published
Products (1)
geraked/phpscript-sgh 0.1.0
Published Jan 27, 2026
Tracked Since Feb 18, 2026