CVE-2020-37008

EasyPMS 1.0.0 - Authentication Bypass

CVSS 8.7 HIGHEPSS 0.5%CWE-639

Vexday Risk Score

21Bajo

Decisión SSVC (CISA)

Track

Sin señal de explotación → monitorear

CVSS 8.7EPSS 0.5%KEV nãoPoC —Nuclei —Metasploit —Patch —

Ciclo de vida

29 ene 2026Publicada en NVD

Recomendación: Monitorear — sin señal de explotación por ahora.

EasyPMS 1.0.0 contains an authentication bypass vulnerability that allows unprivileged users to manipulate SQL queries in JSON requests to access admin user information. Attackers can exploit weak input validation by injecting single quotes in ID parameters and modify admin user passwords without proper token authentication.

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Productos afectados

Elektraweb · EasyPMS

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →

Referencias

https://www.elektraweb.com/en/https://www.exploit-db.com/exploits/48858 https://www.vulncheck.com/advisories/easypms-authentication-bypass