CVE-2020-37108

HIGH

PhpIX 2012 Professional - SQL Injection

Description

PhpIX 2012 Professional contains a SQL injection vulnerability in the 'id' parameter of product_detail.php that allows remote attackers to manipulate database queries. Attackers can inject malicious SQL code through the 'id' parameter to potentially extract or modify database information.

Exploits (1)

exploitdb WRITEUP
by indoushka · text · webapps · php
https://www.exploit-db.com/exploits/48138

Scores

CVSS v3 7.1
EPSS 0.0004
EPSS Percentile 13.4%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N

Classification

CWE
CWE-89
Status draft

Timeline

Published Feb 03, 2026
Tracked Since Feb 18, 2026