CVE-2020-37108

HIGH

PhpIX 2012 Professional - SQL Injection

Title source: llm

Description

PhpIX 2012 Professional contains a SQL injection vulnerability in the 'id' parameter of product_detail.php that allows remote attackers to manipulate database queries. Attackers can inject malicious SQL code through the 'id' parameter to potentially extract or modify database information.

Exploits (1)

exploitdb WRITEUP
by indoushka · text · webapps · php
https://www.exploit-db.com/exploits/48138

Scores

CVSS v3 7.1
EPSS 0.0005
EPSS Percentile 16.1%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N

CISA SSVC

Vulnrichment
Exploitation poc
Automatable no
Technical Impact partial

Details

CWE
CWE-89
Status published
Products (1)
AllHandsMarketing/PhpIX 2012 Professional 2012
Published Feb 03, 2026
Tracked Since Feb 18, 2026