CVE-2020-37154
Authenticated SQL Injection in eLection 2.0 Enables Remote Code Execution
Publication date: 2026-02-07
Last updated on: 2026-02-07
Assigner: VulnCheck
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| j3rrybl4nks | election | 2.0 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-89 | The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
[{'type': 'paragraph', 'content': "CVE-2020-37154 is an authenticated SQL injection vulnerability found in eLection version 2.0, specifically in the candidate management endpoint. It occurs because the 'id' parameter in SQL commands is not properly sanitized, allowing an attacker with authenticated access to manipulate database queries."}, {'type': 'paragraph', 'content': 'Attackers can exploit this vulnerability using automated tools like SQLMap to perform various SQL injection techniques such as boolean-based blind, time-based blind, and UNION-based injections. This exploitation can lead to uploading backdoor files (PHP web shells) to the web application directory, resulting in remote code execution (RCE) and gaining an operating system shell on the server.'}] [2, 3]
How can this vulnerability impact me? :
This vulnerability can have serious impacts including unauthorized manipulation of the database and potential full remote code execution on the server hosting the eLection application.
- Attackers with authenticated access can alter database queries, potentially extracting or modifying sensitive data.
- Exploitation can lead to uploading malicious backdoor files, allowing attackers to execute arbitrary code remotely.
- Remote code execution can result in complete compromise of the server, including access to the underlying operating system shell.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
[{'type': 'paragraph', 'content': "This vulnerability can be detected by intercepting and analyzing POST requests to the candidate management endpoint, specifically targeting the 'id' parameter in requests to `/election/admin/ajax/op_kandidat.php`."}, {'type': 'paragraph', 'content': 'Using SQLMap with high risk and level settings is recommended to test for the SQL injection vulnerability. The suggested command includes specifying the target URL, the vulnerable parameter, and the risk and level options.'}, {'type': 'list_item', 'content': 'sqlmap -u "http://target/election/admin/ajax/op_kandidat.php" --data="aksi=fetch&id=256" -p id --level=5 --risk=3'}, {'type': 'paragraph', 'content': "The vulnerability can be confirmed by testing for Boolean-based blind injection (e.g., `id=256 AND 8584=8584`), time-based blind injection using MySQL's SLEEP function (e.g., `id=256 AND (SELECT 8551 FROM (SELECT(SLEEP(5)))nYfJ)`), and UNION-based injection techniques."}] [3]
What immediate steps should I take to mitigate this vulnerability?
I don't know