CVE-2020-37004 — The Ultimate Project Manager CRM PRO version 2.0.5 contains a blind SQL injection vulnerability that allows attackers to extract usernames and password hashes from the tbl_users database table. Attack — CVE Database · The Intelligence Room