How to fix CVE-2020-37083?

Within 24 hours: Identify all systems running PHP AddressBook 9.0.0.1 and isolate or restrict network access to these instances. Within 7 days: Deploy Web Application Firewall (WAF) rules to block SQL injection patterns targeting the 'id' parameter, and disable the AddressBook application if not critical to operations. Within 30 days: Plan immediate upgrade to a patched version or replacement solution; evaluate vendor communication for security updates or consider decommissioning the application.

Is PHP affected by CVE-2020-37083?

PHP AddressBook 9.0.0.1 contains a critical SQL injection vulnerability that allows attackers to extract or manipulate sensitive database information without authentication.

CVE-2020-37083

HIGH

2026-02-03 [email protected]

8.2

CVSS 3.1

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

Low

Availability

None

Lifecycle Timeline

Analysis Generated

Mar 12, 2026 - 21:54 vuln.today

PoC Detected

Feb 04, 2026 - 16:33 vuln.today

Public exploit code

CVE Published

Feb 03, 2026 - 22:16 nvd

HIGH 8.2

Description

PHP AddressBook 9.0.0.1 contains a time-based blind SQL injection vulnerability that allows remote attackers to manipulate database queries through the 'id' parameter. Attackers can inject crafted SQL statements with time delays to extract information by observing response times in the photo.php endpoint.

Analysis

PHP AddressBook 9.0.0.1 contains a time-based blind SQL injection vulnerability that allows remote attackers to manipulate database queries through the 'id' parameter. [CVSS 8.2 HIGH]

Technical Context

Classified as CWE-89 (SQL Injection). PHP AddressBook 9.0.0.1 contains a time-based blind SQL injection vulnerability that allows remote attackers to manipulate database queries through the 'id' parameter. Attackers can inject crafted SQL statements with time delays to extract information by observing response times in the photo.php endpoint.

Affected Products

Component: photo.php.

Remediation

Monitor vendor advisories for a patch. Use parameterized queries. Implement input validation. Restrict network access to the affected service where possible.

Priority Score

Low Medium High Critical

KEV: 0

EPSS: +0.1

CVSS: +41

POC: +20

CVE-2020-37083 vulnerability details – vuln.today

Back

CVE-2020-37083

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Technical Context

Affected Products

Remediation

Priority Score

Share

CVE-2020-37083

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Technical Context

Affected Products

Remediation

Priority Score

Share

External POC / Exploit Code