Vulnerability Description
Elaniin CMS 1.0 contains an authentication bypass vulnerability that allows attackers to access the dashboard by manipulating the login page with SQL injection. Attackers can bypass authentication by sending crafted email and password parameters with '=''or' payload to login.php, granting unauthorized access to the system.
CVSS Score
HIGH
Related Weaknesses (CWE)
References
- https://elaniin.com/
- https://github.com/elaniin/CMS
- https://www.exploit-db.com/exploits/48705
- https://www.vulncheck.com/advisories/elaniin-cms-authentication-bypass
FAQ
What is CVE-2020-36999?
CVE-2020-36999 is a vulnerability with a CVSS score of 8.2 (HIGH). Elaniin CMS 1.0 contains an authentication bypass vulnerability that allows attackers to access the dashboard by manipulating the login page with SQL injection. Attackers can bypass authentication by ...
How severe is CVE-2020-36999?
CVE-2020-36999 has been rated HIGH with a CVSS base score of 8.2/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2020-36999?
Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.