What is the CVSS score of CVE-2020-37035?

CVE-2020-37035 has a CVSS 3.1 base score of 8.2 (High). CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N. EPSS exploitation probability: 0.0%.

Which versions of PHP are affected by CVE-2020-37035?

A critical SQL injection vulnerability in e-Learning PHP Script 0.1.0 allows attackers to bypass database security controls and potentially access, modify, or delete sensitive educational data and…

Is there a public PoC exploit available for CVE-2020-37035?

Yes, a public proof-of-concept exploit is available for CVE-2020-37035. Prioritise patching immediately. EPSS: 0.0%.

How to fix or mitigate CVE-2020-37035?

Within 24 hours: Disable the search functionality or take the affected application offline if mission-critical alternatives exist; inventory all systems running e-Learning PHP Script 0.1.0. Within 7 days: Implement Web Application Firewall (WAF) rules to block SQL injection patterns in search parameters; conduct database access logs review for signs of exploitation. Within 30 days: Migrate to alternative e-learning platform or evaluate community patches; perform security assessment of all affected systems and audit database for unauthorized access or data modifications.

PHP CVE-2020-37035

HIGH

SQL Injection (CWE-89)

2026-01-30 disclosure@vulncheck.com

PHP SQLi

8.2

CVSS 3.1 · NVD

Severity by source

NVD PRIMARY

8.2 HIGH

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

Low

Availability

None

Lifecycle Timeline

Analysis Generated

Mar 12, 2026 - 22:00 vuln.today

PoC Detected

Feb 03, 2026 - 16:44 vuln.today

Public exploit code

CVE Published

Jan 30, 2026 - 23:16 nvd

HIGH 8.2

DescriptionCVE.org

e-Learning PHP Script 0.1.0 contains a SQL injection vulnerability in the search functionality that allows attackers to manipulate database queries through unvalidated user input. Attackers can inject malicious SQL code in the 'search' parameter to potentially extract, modify, or access sensitive database information.

AnalysisAI

e-Learning PHP Script 0.1.0 contains a SQL injection vulnerability in the search functionality that allows attackers to manipulate database queries through unvalidated user input. [CVSS 8.2 HIGH]

Technical ContextAI

Classified as CWE-89 (SQL Injection). Affects the search component of search functionality. e-Learning PHP Script 0.1.0 contains a SQL injection vulnerability in the search functionality that allows attackers to manipulate database queries through unvalidated user input. Attackers can inject malicious SQL code in the 'search' parameter to potentially extract, modify, or access sensitive database information.

Affected ProductsAI

Product: search functionality. Component: search.

RemediationAI

Monitor vendor advisories for a patch. Use parameterized queries. Implement input validation. Restrict network access to the affected service where possible.