CVE-2020-37076

HIGH

Victor CMS 1.0 - SQL Injection

Title source: llm

Description

Victor CMS version 1.0 contains a SQL injection vulnerability in the 'post' parameter on post.php that allows remote attackers to manipulate database queries. Attackers can exploit this vulnerability by sending crafted UNION SELECT payloads to extract database information through boolean-based, error-based, and time-based injection techniques.

Exploits (1)

exploitdb WORKING POC

by BKpatron · textwebappsphp

https://www.exploit-db.com/exploits/48451

View Code ZIP pw:eip

References (3)

[Exploit, Third Party Advisory, VDB Entry] https://www.exploit-db.com/exploits/48451

[Product] https://github.com/VictorAlagwu/CMSsite

[Third Party Advisory] https://www.vulncheck.com/advisories/victor-cms-post-sql-injection

Scores

CVSS v3 8.2

EPSS 0.0013

EPSS Percentile 32.1%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N

CISA SSVC

Vulnrichment

Exploitation poc

Automatable yes

Technical Impact partial

Details

CWE

CWE-89

Status published

Products (1)

victor_cms_project/victor_cms 1.0

Published Feb 03, 2026

Tracked Since Feb 18, 2026