HIGH
codexcube
CVE published 2026-01-29
CVE-2020-37004
A blind SQL injection vulnerability in Ultimate Project Manager CRM PRO 2.0.5 allows authenticated attackers to extract usernames and password hashes from the tbl_users table via the /frontend/get_article_suggestion/ endpoint. The vulnerability enables boolean-based inference attacks to progressively retrieve credential data.