Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
8.8
CVE-2020-37033: Infor Storefront B2B 1.0: Malicious Login Attacks via User Name Input
CVE-2020-37033
Summary
The Infor Storefront B2B 1.0 software is vulnerable to attacks that can manipulate database information. Attackers can use a user's login attempt to inject malicious code, which can lead to unauthorized access to sensitive data. To protect against this, ensure that user input is validated and sanitized, especially in login requests.
Original title
Infor Storefront B2B 1.0 contains a SQL injection vulnerability that allows attackers to manipulate database queries through the 'usr_name' parameter in login requests. Attackers can exploit the vu...
Original description
Infor Storefront B2B 1.0 contains a SQL injection vulnerability that allows attackers to manipulate database queries through the 'usr_name' parameter in login requests. Attackers can exploit the vulnerability by injecting malicious SQL code into the 'usr_name' parameter to potentially extract or modify database information.
nvd CVSS3.1
8.2
nvd CVSS4.0
8.8
Vulnerability type
CWE-89
SQL Injection
Published: 30 Jan 2026 · Updated: 15 Jun 2026 · First seen: 7 Mar 2026