CVE-2020-36999

HIGH

Elaniin CMS 1.0 - Unauthenticated Authentication Bypass and SQL Injection via Login Page

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2020-36999. PoCs published by BKpatron.

AI-analyzed exploit summary: This exploit demonstrates an authentication bypass vulnerability in elaniin CMS 1.0 via SQL injection in the login.php file. The payload manipulates the email and password parameters to bypass authentication and gain access to the dashboard.

Description

Elaniin CMS 1.0 contains an authentication bypass vulnerability that allows attackers to access the dashboard through SQL injection on the login page. Attackers can bypass authentication by sending crafted email and password parameters containing the '=''or' payload to login.php, which grants unauthorized access to the system.

Exploits (1)

exploitdb WORKING POC
by BKpatron · text · webapps · php
https://www.exploit-db.com/exploits/48705


Classification: Working PoC 90%
Attack Type: SQLi
Complexity: Trivial
Reliability: Reliable
Target: elaniin CMS v1.0
No auth needed
Prerequisites: Access to the login page of elaniin CMS
devstral-2 · analyzed Feb 16, 2026

References (4)

Core References
Exploit, Third Party Advisory exploit
https://www.exploit-db.com/exploits/48705
Various Sources product
https://elaniin.com/

Scores

CVSS v3 8.2
EPSS 0.0030
EPSS Percentile 21.8%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N

CISA SSVC

Vulnrichment
Exploitation poc
Automatable yes
Technical Impact partial

Details

CWE CWE-89
Status published
Products (1)
Elaniin/Elaniin CMS 1.0
Published Jan 29, 2026
Tracked Since Feb 18, 2026