CVE-2020-37108

HIGH

PhpIX 2012 Professional - SQL Injection

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2020-37108. PoCs published by indoushka.

AI-analyzed exploit summary: This is a writeup describing a SQL injection vulnerability in PhpIX 2012 Professional, specifically in the 'id' parameter of product_detail.php. It includes a proof-of-concept URL but lacks actual exploit code.

Description

PhpIX 2012 Professional contains a SQL injection vulnerability in the 'id' parameter of product_detail.php that allows remote attackers to manipulate database queries. Attackers can inject malicious SQL code through the 'id' parameter to potentially extract or modify database information.

Exploits (1)

exploitdb WRITEUP
by indoushka · text · webapps · php
https://www.exploit-db.com/exploits/48138


Classification: Writeup 90%
Attack Type: SQLi
Complexity: Trivial
Reliability: Theoretical
Target: PhpIX 2012 Professional
No auth needed
Prerequisites: Access to the vulnerable web application
devstral-2 · analyzed Feb 16, 2026

References (4)

Core 4
Core References
Exploit, Third Party Advisory exploit
https://www.exploit-db.com/exploits/48138
Various Sources product
http://www.allhandsmarketing.com/
Various Sources technical-description
http://www.pcollectionnecktie.com/sandbox/

Scores

CVSS v3 7.1
EPSS 0.0027
EPSS Percentile 18.7%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N

CISA SSVC

Vulnrichment
Exploitation poc
Automatable no
Technical Impact partial

Details

CWE CWE-89
Status published
Products (1)
AllHandsMarketing/PhpIX 2012 Professional 2012
Published Feb 03, 2026
Tracked Since Feb 18, 2026