CVE-2020-37141
Awaiting Analysis Awaiting Analysis - Queue
BaseFortify

Publication date: 2026-02-07

Last updated on: 2026-02-09

Assigner: VulnCheck

Description
AMSS++ version 4.31 contains a SQL injection vulnerability in the mail module's maildetail.php script through the 'id' parameter. Attackers can manipulate the 'id' parameter in /modules/mail/main/maildetail.php to inject malicious SQL queries and potentially access or modify database contents.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-02-07
Last Modified
2026-02-09
Generated
2026-06-16
AI Q&A
2026-02-07
EPSS Evaluated
2026-06-14
NVD
CVE-2020-37141
EUVD
EUVD-2020-31105
Affected Vendors & Products
Currently, no data is known.
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-89 The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

[{'type': 'paragraph', 'content': "CVE-2020-37141 is a SQL injection vulnerability found in AMSS++ version 4.31, specifically in the mail module's maildetail.php script. The vulnerability exists in the 'id' parameter, which an attacker can manipulate to inject malicious SQL queries."}, {'type': 'paragraph', 'content': 'By exploiting this flaw, an attacker can alter the SQL queries executed by the application, potentially gaining unauthorized access to or modifying the database contents.'}] [1, 2]

Impact Analysis

This vulnerability can allow an attacker to remotely execute SQL injection attacks without any authentication or user interaction.

The impact includes unauthorized access to sensitive data stored in the database and the potential to modify database contents, which can compromise the integrity and confidentiality of the system.

Compliance Impact

I don't know

Detection Guidance

[{'type': 'paragraph', 'content': "This SQL injection vulnerability can be detected by testing the 'id' parameter in the URL endpoint /modules/mail/main/maildetail.php for SQL injection flaws."}, {'type': 'paragraph', 'content': 'A common method is to send crafted HTTP requests with SQL injection payloads to the vulnerable parameter and observe the responses for SQL errors or unexpected behavior.'}, {'type': 'list_item', 'content': 'Use curl or similar tools to send requests like: curl "http://<target>/amssplus/modules/mail/main/maildetail.php?id=1\' OR \'1\'=\'1"'}, {'type': 'list_item', 'content': 'Check for SQL error messages or abnormal responses indicating injection success.'}, {'type': 'list_item', 'content': "Use automated vulnerability scanners that support SQL injection detection targeting the 'id' parameter in the specified URL."}] [1, 2]

Mitigation Strategies

[{'type': 'paragraph', 'content': "Immediate mitigation steps include restricting access to the vulnerable script and applying input validation or sanitization on the 'id' parameter to prevent SQL injection."}, {'type': 'paragraph', 'content': 'If possible, update or patch AMSS++ to a version that fixes this vulnerability.'}, {'type': 'paragraph', 'content': "As a temporary measure, consider using web application firewalls (WAF) to block malicious SQL injection attempts targeting the 'id' parameter."}, {'type': 'paragraph', 'content': 'Monitor logs for suspicious requests to /modules/mail/main/maildetail.php and block IPs exhibiting attack patterns.'}] [2]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2020-37141. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart