CVE-2020-37035

Sažetak

e-Learning PHP Script 0.1.0 contains a SQL injection vulnerability in the search functionality that allows attackers to manipulate database queries through unvalidated user input. Attackers can inject malicious SQL code in the 'search' parameter to potentially extract, modify, or access sensitive database information.

Reference

https://github.com/amitkolloldey/elearning-script
https://www.exploit-db.com/exploits/48629
https://www.vulncheck.com/advisories/e-learning-php-script-search-sql-injection

CVSS

Base:	8.2
Impact:	4.2
Exploitability:	3.9

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
HIGH	LOW	NONE

CVSS vektor

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N

Zadnje važnije ažuriranje

30-01-2026 - 23:16

Objavljeno

30-01-2026 - 23:16