CVE-2020-36951

Published January 27th, 2026

View on NVD ↗

CVSS v3

8.2

HIGH

CVSS v2

N/A

Affected

PROJECT

Description

Phpscript-sgh 0.1.0 contains a time-based blind SQL injection vulnerability in the admin interface that allows attackers to manipulate database queries through the 'id' parameter. Attackers can exploit this vulnerability by crafting malicious payloads that trigger time delays, enabling them to extract sensitive database information through conditional sleep techniques.

geraked/phpscript-sgh

PHP Script For Loan Fund Management

GitHub