Cyber Resilience

CVE-2020-37004

Severity: High · Public PoC

Published: 29 January 2026
Modified: 26 May 2026
CVSS Score (v4): 7.1
CVSS vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
EPSS Score: 0.0022 (12.5th percentile)
Risk Priority: 55 (floored blend, peak EPSS)

Summary

CVE-2020-37004 is a high-severity SQL Injection (CWE-89) vulnerability. Its CVSS base score is 7.1 (High).

Operationally, exploitation maps to the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE ranks at the 12.5th percentile by exploit likelihood (below the median), it is not currently listed in the CISA KEV catalog, and a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and AC-3 (Access Enforcement).

Deeper analysis

CVE-2020-37004 is a blind SQL injection vulnerability in Ultimate Project Manager CRM PRO version 2.0.5. The issue affects the /frontend/get_article_suggestion/ endpoint, where attackers can craft malicious search parameters to extract usernames and password hashes from the tbl_users database table using boolean-based inference techniques. It is classified under CWE-89 (SQL Injection) with a CVSS v3.1 base score of 8.2 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N), highlighting high confidentiality impact.

Remote attackers require no privileges or user interaction to exploit this vulnerability over the network with low attack complexity. By progressively guessing values through boolean-based blind SQL injection, they can retrieve sensitive user credentials, including usernames and password hashes, potentially enabling further compromise such as account takeover if hashes are cracked.

Advisories and related resources, including those from VulnCheck (https://www.vulncheck.com/advisories/ultimate-project-manager-crm-pro-sqli-credentials-leakage) and Exploit-DB (https://www.exploit-db.com/exploits/48912), provide additional details on the vulnerability. The vendor site is available at https://ultimatepro.codexcube.com/.


Vulnerability details

The Ultimate Project Manager CRM PRO version 2.0.5 contains a blind SQL injection vulnerability that allows attackers to extract usernames and password hashes from the tbl_users database table. Attackers can exploit the /frontend/get_article_suggestion/ endpoint by crafting malicious search parameters to progressively guess and retrieve user credentials through boolean-based inference techniques.

CWE(s): CWE-89 (SQL Injection)

Related Threats

MITRE ATT&CK Enterprise Techniques (AI)

T1190 Exploit Public-Facing Application (Initial Access): Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
T1213.006 Databases (Collection): Adversaries may leverage databases to mine valuable information.
Why these techniques?

Blind SQLi in public-facing web endpoint directly enables remote exploitation (T1190) and extraction of DB-stored credentials (T1213.006).

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2018-25199 (shared CWE-89)
CVE-2026-27179 (shared CWE-89)
CVE-2025-0308 (shared CWE-89)
CVE-2019-25581 (shared CWE-89)
CVE-2026-27885 (shared CWE-89)
CVE-2019-25479 (shared CWE-89)
CVE-2026-1476 (shared CWE-89)
CVE-2019-25526 (shared CWE-89)
CVE-2025-69365 (shared CWE-89)
CVE-2019-25573 (shared CWE-89)

Affected Assets

Project Manager CRM PRO (inferred from references and description; NVD did not file a CPE for this CVE)

Mitigating Controls (NIST 800-53 r5, AI)

Prevent, SI-10 (Information Input Validation): Directly requires validation of all inputs to the get_article_suggestion endpoint, blocking the crafted search parameters that enable boolean-based blind SQL injection.

Prevent, AC-3 (Access Enforcement): Enforces that only authorized queries may access tbl_users, preventing the unauthorized extraction of credentials that the injection bypasses.

Detect: Enables monitoring of database query patterns and anomalies at the affected endpoint to identify ongoing boolean-based inference attacks.
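As an added illustration of the SI-10 control above, and not code from Ultimate Project Manager CRM PRO (whose source is not shown on this page), here is a hypothetical article-suggestion lookup in Python with sqlite3: the string-built query lets the search term alter the SQL, while the validated, parameterized version treats the same term strictly as data. The table name tbl_article, its columns and the sample rows are assumptions constructed for the example.

```python
import sqlite3

# Constructed sample rows for a hypothetical article table; names are assumed.
ARTICLES = [
    ("Installing the CRM", "setup"),
    ("Resetting passwords", "accounts"),
    ("Tracking time on tasks", "usage"),
]


def make_db():
    """Build an in-memory database holding the constructed sample data."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE tbl_article (id INTEGER PRIMARY KEY, title TEXT, category TEXT)")
    conn.executemany("INSERT INTO tbl_article (title, category) VALUES (?, ?)", ARTICLES)
    return conn


def suggest_vulnerable(conn, search):
    """CWE-89 pattern: the search term is spliced into the SQL text itself."""
    sql = "SELECT title FROM tbl_article WHERE title LIKE '%" + search + "%'"
    return [row[0] for row in conn.execute(sql)]


def suggest_hardened(conn, search, max_len=64):
    """SI-10 style handling: validate the input shape, then bind it as a parameter."""
    if not isinstance(search, str) or not 0 < len(search) <= max_len:
        return []
    # Escape LIKE wildcards so the term matches literally; the bound value can
    # never be parsed as SQL regardless of the quotes or comments it contains.
    escaped = search.replace("\\", "\\\\").replace("%", "\\%").replace("_", "\\_")
    sql = "SELECT title FROM tbl_article WHERE title LIKE ? ESCAPE '\\'"
    return [row[0] for row in conn.execute(sql, ("%" + escaped + "%",))]


if __name__ == "__main__":
    db = make_db()
    probe = "' OR 1=1 --"  # tautology that makes the spliced WHERE clause always true
    print("normal term, vulnerable:", suggest_vulnerable(db, "pass"))
    print("normal term, hardened: ", suggest_hardened(db, "pass"))
    print("probe, vulnerable:      ", suggest_vulnerable(db, probe))
    print("probe, hardened:        ", suggest_hardened(db, probe))
```

The vulnerable form returns every row for the probe, which is exactly the true/false signal a boolean-based blind attack relies on; the hardened form returns nothing because the probe is compared as a literal substring.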
