CVE-2020-36999
SQL Injection Authentication Bypass in Elaniin CMS
Publication date: 2026-01-29
Last updated on: 2026-01-29
Assigner: VulnCheck
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| elaniin | cms | 1.0 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-89 | The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability in Elaniin CMS 1.0 is an authentication bypass caused by an SQL injection flaw in the login.php page. Attackers can manipulate the email and password parameters by injecting crafted payloads such as '=''or' to bypass the login authentication mechanism. This allows unauthorized users to access the dashboard without valid credentials. [1, 4]
How can this vulnerability impact me?
This vulnerability allows attackers to fully bypass authentication controls and gain unauthorized access to the system's dashboard. This can lead to unauthorized access to sensitive information, potential data manipulation, and compromise of the system's integrity and security. [1, 4]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by attempting to exploit the authentication bypass via SQL injection on the login.php page. A common detection method is to send a crafted POST request to the login.php endpoint with the email and password parameters set to the payload '=''or'. For example, using curl, you can run the following command to test for the vulnerability:

    curl -X POST -F "email='=''or'" -F "password='=''or'" http://<target>/elaniin/login.php

If the response indicates a successful login or access to the dashboard without valid credentials, the system is vulnerable. [4]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include restricting access to the login.php page, applying input validation and parameterized queries to prevent SQL injection, and updating or patching Elaniin CMS to a version where this vulnerability is fixed. If a patch is not available, consider implementing web application firewall (WAF) rules to block malicious payloads targeting the login parameters. Additionally, monitor logs for suspicious login attempts using the SQL injection payload patterns. [1, 4]
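
The input validation and parameterized-query mitigation described above, as an added example; it is not Elaniin CMS's own code. The `authenticate` function, the `users(id, email, password_hash)` schema, the hashed password storage and the in-memory SQLite demo data are all assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Hypothetical schema: users(id, email, password_hash). Not Elaniin CMS's real schema.
function authenticate(PDO $pdo, string $email, string $password): ?int
{
    // Input validation: reject anything that is not a syntactically valid e-mail address.
    if (filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        return null;
    }

    // Parameterized query: the value is bound, never spliced into the SQL text.
    $stmt = $pdo->prepare('SELECT id, password_hash FROM users WHERE email = :email');
    $stmt->execute([':email' => $email]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);

    // The password never reaches SQL; it is checked against a stored hash in PHP.
    if ($row === false || !password_verify($password, $row['password_hash'])) {
        return null;
    }
    return (int) $row['id'];
}

// Constructed demo data in an in-memory SQLite database (needs the pdo_sqlite extension).
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, email TEXT UNIQUE, password_hash TEXT)');
$insert = $pdo->prepare('INSERT INTO users (email, password_hash) VALUES (?, ?)');
$insert->execute(['admin@example.test', password_hash('correct horse', PASSWORD_DEFAULT)]);

$payload = "'=''or'"; // payload string quoted on this page

var_dump(authenticate($pdo, 'admin@example.test', 'correct horse')); // valid credentials
var_dump(authenticate($pdo, $payload, $payload));                    // payload in both fields
var_dump(authenticate($pdo, 'admin@example.test', $payload));        // payload as password only
```

Only the first call returns a user id. In the other two the payload is handled as data: it fails e-mail validation, or it is bound as a parameter and hashed for comparison, so it never becomes part of the SQL statement.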