Unrated severityNVD Advisory· Published Feb 3, 2026· Updated Feb 4, 2026

Victor CMS 1.0 - 'post' SQL Injection

CVE-2020-37076

Description

Victor CMS version 1.0 contains a SQL injection vulnerability in the 'post' parameter on post.php that allows remote attackers to manipulate database queries. Attackers can exploit this vulnerability by sending crafted UNION SELECT payloads to extract database information through boolean-based, error-based, and time-based injection techniques.

Affected products

Victoralagwu/Cmssitev5
Range: 1.0

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.exploit-db.com/exploits/48451mitreexploit
www.vulncheck.com/advisories/victor-cms-post-sql-injectionmitrethird-party-advisory

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000