Description

Elaniin CMS 1.0 contains an authentication bypass vulnerability that allows attackers to access the dashboard through SQL injection in the login page. Attackers can bypass authentication by sending crafted email and password parameters containing the '=''or' payload to login.php, gaining unauthorized access to the system.

PUBLISHED Reserved 2026-01-27 | Published 2026-01-29 | Updated 2026-01-29 | Assigner VulnCheck




HIGH: 8.8 (CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N)
HIGH: 8.2 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N)

Problem types

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Product status

1.0: affected

Credits

BKpatron (finder)

References

www.exploit-db.com/exploits/48705 (ExploitDB-48705) [exploit]

elaniin.com/ (Vendor Homepage) [product]

github.com/elaniin/CMS (Elaniin CMS GitHub Repository) [product]

www.vulncheck.com/...ories/elaniin-cms-authentication-bypass (VulnCheck Advisory: elaniin CMS 1.0 - Authentication Bypass) [third-party-advisory]

cve.org (CVE-2020-36999)

nvd.nist.gov (CVE-2020-36999)
