Filtered by vendor Rise Subscriptions
Total 1 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2020-37004 2 Codexcube, Rise 2 Ultimate Project Manager Crm Pro, Ultimate Project Manager 2026-07-15 8.2 High
The Ultimate Project Manager CRM PRO version 2.0.5 contains a blind SQL injection vulnerability that allows attackers to extract usernames and password hashes from the tbl_users database table. Attackers can exploit the /frontend/get_article_suggestion/ endpoint by crafting malicious search parameters to progressively guess and retrieve user credentials through boolean-based inference techniques.