What is the CVSS score of CVE-2020-37081?

CVE-2020-37081 has a CVSS 3.1 base score of 7.1 (High). CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N. EPSS exploitation probability: 0.0%.

Which versions of PHP are affected by CVE-2020-37081?

Fishing Reservation System 7.5 contains critical SQL injection vulnerabilities that could allow attackers to access, modify, or delete sensitive customer and operational data.

Is there a public PoC exploit available for CVE-2020-37081?

Yes, a public proof-of-concept exploit is available for CVE-2020-37081. Prioritise patching immediately. EPSS: 0.0%.

How to fix or mitigate CVE-2020-37081?

Within 24 hours: Isolate affected systems from production networks or disable public access to admin.php, cart.php, and calendar.php endpoints; enable enhanced logging and monitoring for SQL injection patterns. Within 7 days: Deploy WAF rules to block SQL injection attempts; conduct database access reviews and implement least-privilege database credentials. Within 30 days: Evaluate alternative reservation systems; contact vendor for patch timeline; perform forensic audit of logs for signs of exploitation.

PHP CVE-2020-37081

HIGH

SQL Injection (CWE-89)

2026-02-03 disclosure@vulncheck.com

PHP SQLi

7.1

CVSS 3.1 · NVD

Severity by source

NVD PRIMARY

7.1 HIGH

AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

Required

Scope

Unchanged

Confidentiality

High

Integrity

Low

Availability

None

Lifecycle Timeline

Analysis Generated

Mar 12, 2026 - 21:54 vuln.today

PoC Detected

Feb 04, 2026 - 16:33 vuln.today

Public exploit code

CVE Published

Feb 03, 2026 - 22:16 nvd

HIGH 7.1

DescriptionCVE.org

Fishing Reservation System 7.5 contains multiple remote SQL injection vulnerabilities in admin.php, cart.php, and calendar.php that allow attackers to inject malicious SQL commands. Attackers can exploit vulnerable parameters like uid, pid, type, m, y, and code to compromise the database management system and web application without user interaction.

AnalysisAI

Fishing Reservation System 7.5 contains multiple remote SQL injection vulnerabilities in admin.php, cart.php, and calendar.php that allow attackers to inject malicious SQL commands. [CVSS 7.1 HIGH]

Technical ContextAI

Classified as CWE-89 (SQL Injection). Fishing Reservation System 7.5 contains multiple remote SQL injection vulnerabilities in admin.php, cart.php, and calendar.php that allow attackers to inject malicious SQL commands. Attackers can exploit vulnerable parameters like uid, pid, type, m, y, and code to compromise the database management system and web application without user interaction.

Affected ProductsAI

Fishing Reservation System 7.5 contains multiple remote SQL injection vulnerabilities in admin.php, cart.php, and calendar.php that allow attackers to

RemediationAI

Monitor vendor advisories for a patch. Use parameterized queries. Implement input validation. Restrict network access to the affected service where possible.