Donate Telegram

CVE-2020-37081

HIGH CVSS 4.0: 7.1 EPSS 0.03%

Feb 03, 2026

Updated Feb 04, 2026

PHP

Parameter	Value
CVSS	7.1 (HIGH)
Type	CWE-89 (SQL Injection (SQL-инъекция))
Vendor	PHP
Public PoC	Yes

Fishing Reservation System 7.5 contains multiple remote SQL injection vulnerabilities in admin.php, cart.php, and calendar.php that allow attackers to inject malicious SQL commands. Attackers can exploit vulnerable parameters like uid, pid, type, m, y, and code to compromise the database management system and web application without user interaction.

Attack Parameters

Attack Vector

Network

Атака возможна удалённо

Attack Complexity

Low

Легко эксплуатировать

Attack Requirements

None

Нет дополнительных условий

Privileges Required

Low

Нужны базовые права

User Interaction

None

Не нужно действие пользователя

Impact Assessment

Confidentiality

High

Полная утечка данных

Integrity

Low

Частичная модификация данных

Availability

None

Нет нарушения работы

CVSS Vector v4.0

Weakness Type (CWE)

CWE-89 SQL Injection (SQL-инъекция)

References 4

https://fishingreservationsystem.com/index.html

disclosure@vulncheck.com

https://www.exploit-db.com/exploits/48417

disclosure@vulncheck.com

https://www.vulncheck.com/advisories/fishing-reservation-system-uid-sql-injecti…

disclosure@vulncheck.com

https://www.vulnerability-lab.com/get_content.php?id=2243

disclosure@vulncheck.com

Share Post Share Share Share

Related Vulnerabilities

CVE-2026-28429

PHP

CVE-2026-28502

PHP

CVE-2026-28501

PHP

CVE-2026-3616

PHP

CVE-2026-3610

PHP

CVE Details

CVE ID

CVE-2020-37081

Published Date

Feb 03, 2026

Vendor

PHP

Severity

HIGH

CVSS v4.0 Score

7.1

High severity. Prioritize patching.

Exploit Prediction (EPSS)

Probability of Exploit 0.03%

Likelihood of exploitation in next 30 days

Percentile: 6.9th percentile (higher than 6.9% of all CVEs)

Standard patching cycle

Impact

Full data disclosure

Partial data modification

Source

Editor's Choice