PT-2026-5283 · Easypms · Easypms

Jok3R · Published 2026-01-29 · Updated 2026-01-29 · CVE-2020-37008

CVSS v3.1: 7.5 (High)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions

EasyPMS version 1.0.0

Description

The software contains an authentication bypass that permits unauthorized access to admin user information. Attackers can manipulate SQL queries within JSON requests due to weak input validation. Specifically, injecting single quotes into ID parameters allows modification of admin user passwords without valid token authentication.

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

IDOR

Weakness Enumeration

Related Identifiers

CVE-2020-37008

Affected Products

Easypms