CVE-2020-37154

HIGH

eLection 2.0 - Authenticated SQL Injection

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2020-37154. PoCs published by J3rryBl4nks.

AI-analyzed exploit summary This is a technical writeup detailing an authenticated SQL injection vulnerability in eLection 2.0, which can be exploited to achieve remote code execution. The writeup includes specific payloads, SQLMap commands, and a step-by-step explanation of the exploitation process.

Description

eLection 2.0 contains an authenticated SQL injection vulnerability in the candidate management endpoint that allows attackers to manipulate database queries through the 'id' parameter. Attackers can leverage SQLMap to exploit the vulnerability, potentially gaining remote code execution by uploading backdoor files to the web application directory.

Exploits (1)

exploitdb WRITEUP
by J3rryBl4nks · textwebappsphp
https://www.exploit-db.com/exploits/48122

This is a technical writeup detailing an authenticated SQL injection vulnerability in eLection 2.0, which can be exploited to achieve remote code execution. The writeup includes specific payloads, SQLMap commands, and a step-by-step explanation of the exploitation process.

Classification
Writeup 90%
Attack Type
Sqli
Complexity
Moderate
Reliability
Reliable
Target: eLection 2.0
Auth required
Prerequisites: Admin credentials for the eLection application · BurpSuite or similar tool to capture requests · SQLMap for exploitation
devstral-2 · analyzed Feb 18, 2026 Full analysis →

References (4)

Core 4

Scores

CVSS v3 7.1
EPSS 0.0045
EPSS Percentile 35.6%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N

CISA SSVC

Vulnrichment
Exploitation poc
Automatable no
Technical Impact partial

Details

CWE
CWE-89
Status published
Products (1)
Tripath Project/eLection 2.0
Published Feb 07, 2026
Tracked Since Feb 18, 2026