CVE-2020-37033
Description
Infor Storefront B2B 1.0 contains a SQL injection vulnerability that allows attackers to manipulate database queries through the 'usr_name' parameter in login requests. Attackers can exploit the vulnerability by injecting malicious SQL code into the 'usr_name' parameter to potentially extract or modify database information.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
SQL injection in Infor Storefront B2B 1.0 via usr_name parameter allows attackers to manipulate database queries.
CVE-2020-37033 is a SQL injection vulnerability in Infor Storefront B2B 1.0. The flaw resides in the login page's handling of the 'usr_name' parameter, allowing injection of malicious SQL statements.
Attackers can exploit this vulnerability by sending crafted HTTP requests to the login.do endpoint. As demonstrated in the exploit proof-of-concept, tools like sqlmap can automate the exploitation, targeting the usr_name parameter with techniques such as error-based and stacked queries [2].
Successful exploitation could allow an attacker to extract sensitive database information, such as user credentials and business data, or modify the database content, potentially leading to privilege escalation or account compromise.
The vendor, Insite Software (now part of Episerver), has deprecated Infor Storefront in favor of InsiteCommerce, which suggests that no patch is available. Users are advised to migrate to the newer platform to mitigate the risk [1].
AI Insight generated on May 19, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- Range: 1.0
Patches
No patches discovered yet.