Lucene search
K

7 matches found

OSV
OSV
added 2026/02/03 10:16 p.m.5 views

CVE-2020-37089

School ERP Pro 1.0 contains a SQL injection vulnerability in the 'esmessagesid' parameter that allows attackers to manipulate database queries through GET requests. Attackers can exploit the vulnerable parameter by injecting crafted SQL statements to potentially extract, modify, or delete databas...

9.8CVSS5.8AI score0.00335EPSS
Exploits1References4
NVD
NVD
added 2026/02/03 10:16 p.m.5 views

CVE-2020-37089

School ERP Pro 1.0 contains a SQL injection vulnerability in the 'esmessagesid' parameter that allows attackers to manipulate database queries through GET requests. Attackers can exploit the vulnerable parameter by injecting crafted SQL statements to potentially extract, modify, or delete databas...

9.8CVSS0.00335EPSS
Exploits1References4
Cvelist
Cvelist
added 2026/02/03 10:1 p.m.26 views

CVE-2020-37089 School ERP Pro 1.0 - 'es_messagesid' SQL Injection

School ERP Pro 1.0 contains a SQL injection vulnerability in the 'esmessagesid' parameter that allows attackers to manipulate database queries through GET requests. Attackers can exploit the vulnerable parameter by injecting crafted SQL statements to potentially extract, modify, or delete databas...

8.2CVSS0.00335EPSS
Exploits1References4
ATTACKERKB
ATTACKERKB
added 2026/02/03 10:1 p.m.2 views

CVE-2020-37089

School ERP Pro 1.0 contains a SQL injection vulnerability in the 'esmessagesid' parameter that allows attackers to manipulate database queries through GET requests. Attackers can exploit the vulnerable parameter by injecting crafted SQL statements to potentially extract, modify, or delete databas...

8.2CVSS5.7AI score0.00335EPSS
Exploits1References4Affected Software1
CVE
CVE
added 2026/02/03 10:1 p.m.12 views

CVE-2020-37089

CVE-2020-37089 concerns School ERP Pro 1.0 with a SQL injection in the es_messagesid parameter. The vulnerability can be exploited by sending crafted SQL via GET requests , potentially allowing attackers to extract, modify, or delete data . Root cause: improper handling of user-controlled input i...

9.8CVSS5.7AI score0.00335EPSS
Exploits1References4Affected Software1
Vulnrichment
Vulnrichment
added 2026/02/03 10:1 p.m.2 views

CVE-2020-37089 School ERP Pro 1.0 - 'es_messagesid' SQL Injection

School ERP Pro 1.0 contains a SQL injection vulnerability in the 'esmessagesid' parameter that allows attackers to manipulate database queries through GET requests. Attackers can exploit the vulnerable parameter by injecting crafted SQL statements to potentially extract, modify, or delete databas...

8.2CVSS5.7AI score0.00335EPSS
Exploits1References4
0day.today
0day.today
added 2020/04/30 12:0 a.m.30 views

School ERP Pro 1.0 - (es_messagesid) SQL Injection Vulnerability

Exploit for php platform in category web applications Exploit Title: School ERP Pro 1.0 - 'esmessagesid' SQL Injection Author: Besim ALTINOK Vendor Homepage: http://arox.in Software Link: https://sourceforge.net/projects/school-erp-ultimate/ Version: latest version Tested on: Xampp Credit: İsmail...

0.2AI score
Exploits0
Rows per page
Query Builder