Vulnerability Details CVE-2020-36972
SmartBlog 2.0.1 contains a blind SQL injection vulnerability in the 'id_post' parameter of the details controller that allows attackers to extract database information. Attackers can systematically test and retrieve database contents by injecting crafted SQL queries that compare character-by-character of database information.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.0
EPSS Ranking 13.2%
CVSS Severity
CVSS v3 Score 8.2
References
Products affected by CVE-2020-36972
-
cpe:2.3:a:smartdatasoft:smartblog:2.0.1