CVE-2020-37008

EasyPMS 1.0.0 contains an authentication bypass vulnerability that allows unprivileged users to manipulate SQL queries in JSON requests to access admin user information. Attackers can exploit weak input validation by injecting single quotes in ID parameters and modify admin user passwords without proper token authentication.

CVSS v3 7.5 HIGH

7.5^/10

CVSS v3 : HIGH

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://www.elektraweb.com/en/
https://www.exploit-db.com/exploits/48858
https://www.vulncheck.com/advisories/easypms-authentication-bypass
https://www.exploit-db.com/exploits/48858

Configurations

No configuration.

History

15 Apr 2026, 00:35

Type	Values Removed	Values Added
Summary		(es) EasyPMS 1.0.0 contiene una vulnerabilidad de omisión de autenticación que permite a usuarios sin privilegios manipular consultas SQL en solicitudes JSON para acceder a información de usuario administrador. Los atacantes pueden explotar una validación de entrada débil inyectando comillas simples en parámetros de ID y modificar contraseñas de usuario administrador sin una autenticación de token adecuada.

29 Jan 2026, 17:16

Type	Values Removed	Values Added
References	~~() https://www.exploit-db.com/exploits/48858 -~~	() https://www.exploit-db.com/exploits/48858 -

29 Jan 2026, 15:16

Type	Values Removed	Values Added
New CVE

Information

Published : 2026-01-29 15:16

Updated : 2026-04-15 00:35

NVD link : CVE-2020-37008

Mitre link : CVE-2020-37008

CVE.ORG link : CVE-2020-37008

JSON object : View

Products Affected

No product.

CWE

CWE-639

Authorization Bypass Through User-Controlled Key

{"id": "CVE-2020-37008", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "disclosure@vulncheck.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 3.9}], "cvssMetricV40": [{"type": "Secondary", "source": "disclosure@vulncheck.com", "cvssData": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 8.7, "Automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "HIGH", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "LOW", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "HIGH", "integrityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "HIGH", "availabilityRequirement": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED"}}]}, "published": "2026-01-29T15:16:07.783", "references": [{"url": "https://www.elektraweb.com/en/", "source": "disclosure@vulncheck.com"}, {"url": "https://www.exploit-db.com/exploits/48858", "source": "disclosure@vulncheck.com"}, {"url": "https://www.vulncheck.com/advisories/easypms-authentication-bypass", "source": "disclosure@vulncheck.com"}, {"url": "https://www.exploit-db.com/exploits/48858", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0"}], "vulnStatus": "Deferred", "weaknesses": [{"type": "Secondary", "source": "disclosure@vulncheck.com", "description": [{"lang": "en", "value": "CWE-639"}]}], "descriptions": [{"lang": "en", "value": "EasyPMS 1.0.0 contains an authentication bypass vulnerability that allows unprivileged users to manipulate SQL queries in JSON requests to access admin user information. Attackers can exploit weak input validation by injecting single quotes in ID parameters and modify admin user passwords without proper token authentication."}, {"lang": "es", "value": "EasyPMS 1.0.0 contiene una vulnerabilidad de omisi\u00f3n de autenticaci\u00f3n que permite a usuarios sin privilegios manipular consultas SQL en solicitudes JSON para acceder a informaci\u00f3n de usuario administrador. Los atacantes pueden explotar una validaci\u00f3n de entrada d\u00e9bil inyectando comillas simples en par\u00e1metros de ID y modificar contrase\u00f1as de usuario administrador sin una autenticaci\u00f3n de token adecuada."}], "lastModified": "2026-04-15T00:35:42.020", "sourceIdentifier": "disclosure@vulncheck.com"}