CVE-2020-37141
BaseFortify
Publication date: 2026-02-07
Last updated on: 2026-02-09
Assigner: VulnCheck
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-89 | The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
[{'type': 'paragraph', 'content': "CVE-2020-37141 is a SQL injection vulnerability found in AMSS++ version 4.31, specifically in the mail module's maildetail.php script. The vulnerability exists in the 'id' parameter, which an attacker can manipulate to inject malicious SQL queries."}, {'type': 'paragraph', 'content': 'By exploiting this flaw, an attacker can alter the SQL queries executed by the application, potentially gaining unauthorized access to or modifying the database contents.'}] [1, 2]
How can this vulnerability impact me? :
This vulnerability can allow an attacker to remotely execute SQL injection attacks without any authentication or user interaction.
The impact includes unauthorized access to sensitive data stored in the database and the potential to modify database contents, which can compromise the integrity and confidentiality of the system.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
[{'type': 'paragraph', 'content': "This SQL injection vulnerability can be detected by testing the 'id' parameter in the URL endpoint /modules/mail/main/maildetail.php for SQL injection flaws."}, {'type': 'paragraph', 'content': 'A common method is to send crafted HTTP requests with SQL injection payloads to the vulnerable parameter and observe the responses for SQL errors or unexpected behavior.'}, {'type': 'list_item', 'content': 'Use curl or similar tools to send requests like: curl "http://<target>/amssplus/modules/mail/main/maildetail.php?id=1\' OR \'1\'=\'1"'}, {'type': 'list_item', 'content': 'Check for SQL error messages or abnormal responses indicating injection success.'}, {'type': 'list_item', 'content': "Use automated vulnerability scanners that support SQL injection detection targeting the 'id' parameter in the specified URL."}] [1, 2]
What immediate steps should I take to mitigate this vulnerability?
[{'type': 'paragraph', 'content': "Immediate mitigation steps include restricting access to the vulnerable script and applying input validation or sanitization on the 'id' parameter to prevent SQL injection."}, {'type': 'paragraph', 'content': 'If possible, update or patch AMSS++ to a version that fixes this vulnerability.'}, {'type': 'paragraph', 'content': "As a temporary measure, consider using web application firewalls (WAF) to block malicious SQL injection attempts targeting the 'id' parameter."}, {'type': 'paragraph', 'content': 'Monitor logs for suspicious requests to /modules/mail/main/maildetail.php and block IPs exhibiting attack patterns.'}] [2]