CVE-2020-37156
Awaiting Analysis Awaiting Analysis - Queue

Authentication Bypass in BloodX 1.0 login.php Enables Unauthorized Access

Vulnerability report for CVE-2020-37156, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-02-11

Last updated on: 2026-02-12

Assigner: VulnCheck

Description

BloodX 1.0 contains an authentication bypass vulnerability in login.php that allows attackers to access the dashboard without valid credentials. Attackers can exploit the vulnerability by sending a crafted payload with '=''or' parameters to bypass login authentication and gain unauthorized access.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-02-11
Last Modified
2026-02-12
Generated
2026-07-06
AI Q&A
2026-02-11
EPSS Evaluated
2026-07-05
NVD
EUVD

Affected Vendors & Products

Showing 1 associated CPE
Vendor Product Version / Range
diveshlunker bloodx 1.0

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-288 The product requires authentication, but the product has an alternate path or channel that does not require authentication.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

[{'type': 'paragraph', 'content': "CVE-2020-37156 is an authentication bypass vulnerability in BloodX version 1.0, specifically in the login.php file. This flaw allows attackers to access the dashboard without valid credentials by sending a crafted payload containing parameters such as '=' or 'or' to bypass the login authentication mechanism."}] [2, 3]

Impact Analysis

This vulnerability allows an attacker to gain unauthorized access to the BloodX dashboard without valid credentials. As a result, attackers can potentially view sensitive information or perform actions reserved for authenticated users, compromising the confidentiality of the system. However, the vulnerability does not impact integrity or availability.

Compliance Impact

I don't know

Detection Guidance

[{'type': 'paragraph', 'content': "This vulnerability can be detected by attempting to exploit the authentication bypass in the login.php file of BloodX 1.0. Specifically, sending a crafted POST request with payload parameters such as '=' or 'or' in the email and password fields can reveal if the system is vulnerable."}, {'type': 'paragraph', 'content': 'A sample command using curl to test the vulnerability would be:'}, {'type': 'list_item', 'content': 'curl -X POST -d "email=\'=\'\'or\'&password=\'=\'\'or\'" http://target-site/login.php -v'}, {'type': 'paragraph', 'content': 'If the response grants access to the dashboard without valid credentials, the vulnerability is present.'}] [2, 3]

Mitigation Strategies

[{'type': 'paragraph', 'content': 'Immediate mitigation steps include:'}, {'type': 'list_item', 'content': 'Restrict access to the login.php page by implementing proper input validation and sanitization to prevent crafted payloads from bypassing authentication.'}, {'type': 'list_item', 'content': 'Update or patch the BloodX application to a version where this authentication bypass vulnerability is fixed, if available.'}, {'type': 'list_item', 'content': 'Implement multi-factor authentication to add an additional layer of security beyond username and password.'}, {'type': 'list_item', 'content': "Monitor access logs for suspicious login attempts using payloads similar to '=' or 'or' in parameters."}, {'type': 'list_item', 'content': 'If immediate patching is not possible, consider restricting network access to the application to trusted IPs only.'}] [2, 3]

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2020-37156. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart