1. Home
  2. CVE Database
  3. CVE-2020-37154
HIGH · 7.1

CVE-2020-37154

eLection 2.0 contains an authenticated SQL injection vulnerability in the candidate management endpoint that allows attackers to manipulate database queries through the 'id' parameter. Attackers can l...

Vulnerability Description

eLection 2.0 contains an authenticated SQL injection vulnerability in the candidate management endpoint that allows attackers to manipulate database queries through the 'id' parameter. Attackers can leverage SQLMap to exploit the vulnerability, potentially gaining remote code execution by uploading backdoor files to the web application directory.

CVSS Score

7.1

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
HIGH
Integrity
LOW
Availability
NONE

Related Weaknesses (CWE)

CWE-89

References

FAQ

What is CVE-2020-37154?

CVE-2020-37154 is a vulnerability with a CVSS score of 7.1 (HIGH). eLection 2.0 contains an authenticated SQL injection vulnerability in the candidate management endpoint that allows attackers to manipulate database queries through the 'id' parameter. Attackers can l...

How severe is CVE-2020-37154?

CVE-2020-37154 has been rated HIGH with a CVSS base score of 7.1/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2020-37154?

Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.