CVE-2020-37006
SQL Injection in berliCRM 1.0.24 Allows Database Manipulation
Publication date: 2026-01-29
Last updated on: 2026-01-29
Assigner: VulnCheck
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| berlicrm | berlicrm | 1.0.24 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-89 | The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a SQL injection in berliCRM version 1.0.24, specifically in the 'src_record' parameter. Remote attackers can send a crafted POST request to the index.php endpoint with malicious SQL code injected into this parameter. Because the input is not properly sanitized, attackers can manipulate database queries to extract or modify sensitive information stored in the database. [2, 3]
How can this vulnerability impact me?
The vulnerability allows attackers to execute arbitrary SQL commands on the berliCRM database. This can lead to unauthorized access to sensitive data, modification of database contents, and potentially denial of service by exploiting the database. Such impacts can compromise the confidentiality and integrity of your data. [2, 3]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by sending crafted POST requests to the /index.php endpoint with malicious payloads in the 'src_record' parameter and observing the response behavior. For example, a time-based blind SQL injection payload like `0'XOR(if(now()=sysdate(),sleep(6),0))XOR'Z` can be used to detect the vulnerability by checking if the server response is delayed by 6 seconds, indicating successful injection. A sample command using curl to test this could be:

```sh
curl -X POST -d "src_record=0'XOR(if(now()=sysdate(),sleep(6),0))XOR'Z" https://target-site.com/index.php
```

If the response is delayed, it confirms the presence of the SQL injection vulnerability. [3]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include applying input validation and sanitization on the 'src_record' parameter to prevent SQL injection. If a patch or update is available for berliCRM 1.0.24, upgrade to the fixed version. Additionally, restrict access to the vulnerable endpoint and monitor for suspicious POST requests targeting 'src_record'. Employing web application firewalls (WAF) to block malicious SQL injection payloads can also help reduce risk until a permanent fix is applied. [2, 3]
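The validation and monitoring steps above can share one allowlist check. The following is an added example, not berliCRM code: it assumes 'src_record' is either empty or a numeric record id, and that POST bodies are available to the monitor (for instance from a reverse proxy or WAF audit log); the function names and sample entries are constructed for illustration.

```python
import re
from urllib.parse import parse_qs

# Assumption: a legitimate src_record is empty or a decimal record id.
# [0-9] (not \d) keeps non-ASCII digits out; the length bound is arbitrary.
RECORD_ID = re.compile(r"[0-9]{0,18}")

def is_valid_src_record(value: str) -> bool:
    """Allowlist check usable both for input validation and for alerting."""
    return RECORD_ID.fullmatch(value) is not None

def suspicious_requests(entries):
    """Return (client, decoded value) for each POST to /index.php whose
    src_record parameter fails the allowlist check."""
    hits = []
    for client, method, path, body in entries:
        if method != "POST" or path.split("?", 1)[0] != "/index.php":
            continue
        # keep_blank_values so an empty src_record is inspected, not dropped;
        # parse_qs also URL-decodes, so encoded payloads are compared in clear.
        params = parse_qs(body, keep_blank_values=True)
        for value in params.get("src_record", []):
            if not is_valid_src_record(value):
                hits.append((client, value))
    return hits

# Constructed sample entries: (client, method, path, urlencoded body).
SAMPLE = [
    ("198.51.100.7", "POST", "/index.php", "module=Contacts&src_record=1042"),
    ("203.0.113.9", "POST", "/index.php",
     "module=Contacts&src_record=0%27XOR%28if%28now%28%29%3Dsysdate%28%29"
     "%2Csleep%286%29%2C0%29%29XOR%27Z"),
    ("203.0.113.9", "GET", "/index.php", ""),
    # Repeated parameter: every occurrence is checked, not just the first.
    ("198.51.100.7", "POST", "/index.php", "src_record=12&src_record=12+OR+1"),
    ("198.51.100.7", "POST", "/index.php", "src_record="),
]

if __name__ == "__main__":
    for client, value in suspicious_requests(SAMPLE):
        print(f"ALERT client={client} src_record={value!r}")
```

Rejecting on the allowlist rather than matching known payload strings means encoded or reworded injections are caught by the same rule.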