High severity7.5NVD Advisory· Published Jan 29, 2026· Updated Apr 15, 2026

CVE-2020-37008

Description

EasyPMS 1.0.0 contains an authentication bypass vulnerability that allows unprivileged users to manipulate SQL queries in JSON requests to access admin user information. Attackers can exploit weak input validation by injecting single quotes in ID parameters and modify admin user passwords without proper token authentication.

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.elektraweb.com/en/nvd
www.exploit-db.com/exploits/48858nvd
www.vulncheck.com/advisories/easypms-authentication-bypassnvd

News mentions

No linked articles in our index yet.

cvss	0.488
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000