CVE-2020-37156

MEDIUM

BloodX 1.0 - Unauthenticated Authentication Bypass via Crafted Payload in login.php

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2020-37156. PoCs published by riamloo.

AI-analyzed exploit summary: This exploit demonstrates an authentication bypass vulnerability in BloodX 1.0 via SQL injection in the login.php file. The payload manipulates the email and password parameters to bypass authentication and access the dashboard.

Description

BloodX 1.0 contains an authentication bypass vulnerability in login.php that allows attackers to access the dashboard without valid credentials. Attackers can exploit the vulnerability by submitting a crafted payload containing '=''or' in the login parameters, which bypasses the login check and grants unauthorized access.

Exploits (1)

Exploit-DB · Working PoC · Verified
by riamloo · text · webapps · php
https://www.exploit-db.com/exploits/47842


Classification: Working PoC (90%)
Attack Type: SQLi
Complexity: Trivial
Reliability: Reliable
Target: BloodX 1.0
Authentication: none required
Prerequisites: Access to the login page of the target application
Analysis: devstral-2, analyzed Feb 16, 2026

References (3)

Core references (3):
- Exploit, Third Party Advisory: https://www.exploit-db.com/exploits/47842
- Third Party Advisory: https://www.vulncheck.com/advisories/bloodx-authentication-bypass

Scores

CVSS v3: 6.5
EPSS: 0.0030
EPSS Percentile: 21.6%
Attack Vector: NETWORK
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

CISA SSVC

Vulnrichment:
Exploitation: none
Automatable: no
Technical Impact: partial

Details

CWE: CWE-288
Status: published
Products (1): diveshlunker/BloodX 1.0
Published: Feb 11, 2026
Tracked Since: Feb 18, 2026