CVE-2020-36999

HIGH

Elaniin CMS 1.0 - Auth Bypass

Title source: llm

Description

Elaniin CMS 1.0 contains an authentication bypass vulnerability: SQL injection in the login page allows attackers to access the dashboard. Sending crafted email and password parameters containing the `'=''or'` payload to login.php bypasses authentication and grants unauthorized access to the system.

Exploits (1)

exploitdb WORKING POC
by BKpatron · text · webapps · php
https://www.exploit-db.com/exploits/48705

Scores

CVSS v3 8.2
EPSS 0.0012
EPSS Percentile 30.4%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N

CISA SSVC

Vulnrichment
Exploitation poc
Automatable yes
Technical Impact partial

Details

CWE
CWE-89
Status published
Products (1)
Elaniin/Elaniin CMS 1.0
Published Jan 29, 2026
Tracked Since Feb 18, 2026