CVE-2020-36945
Unknown Unknown - Not Provided
SQL Injection in WebDamn Login Allows Unauthorized Access

Publication date: 2026-01-28

Last updated on: 2026-01-28

Assigner: VulnCheck

Description
WebDamn User Registration Login System contains a SQL injection vulnerability that allows unauthenticated attackers to bypass login authentication by manipulating email credentials. Attackers can inject the payload '<email>' OR '1'='1' in both username and password fields to gain unauthorized access to the user panel.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-01-28
Last Modified
2026-01-28
Generated
2026-06-16
AI Q&A
2026-01-29
EPSS Evaluated
2026-06-15
NVD
CVE-2020-36945
EUVD
EUVD-2020-30889
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
webdamn user_registration_login_system *
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-89 The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Detection Guidance

You can detect this SQL injection vulnerability by attempting to inject the payload '<email>' OR '1'='1' into the username and password fields of the login form. If the system allows login without valid credentials, it indicates the vulnerability. Specific commands depend on your testing tools, but a simple test can be done using curl or a web proxy to send POST requests with the injection payload in the login parameters.

Mitigation Strategies

Immediate mitigation steps include applying input validation and parameterized queries to prevent SQL injection. Restricting direct database queries from user input and implementing proper authentication checks are essential. If a patch or update is available from the vendor, apply it promptly. Additionally, monitor login attempts for suspicious activity and consider temporarily disabling the vulnerable login functionality until fixed.

Executive Summary

This vulnerability is a SQL injection in the WebDamn User Registration Login System that allows attackers who are not authenticated to bypass login authentication. By injecting a specific payload ('<email>' OR '1'='1') into both the username and password fields, attackers can manipulate the system to gain unauthorized access to the user panel.

Impact Analysis

This vulnerability can allow attackers to bypass authentication controls and gain unauthorized access to the user panel, potentially leading to unauthorized data access or manipulation. This compromises the security of the system and the confidentiality of user information.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2020-36945. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart