PT-2026-6822 · Election · Election
J3Rrybl4Nks
·
Publicado
2026-02-06
·
Atualizado
2026-02-07
·
CVE-2020-37154
CVSS v3.1
7.1
Alta
| Vetor | AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
eLection version 2.0
Description
The software contains an authenticated SQL injection issue in the candidate management endpoint. Attackers can manipulate database queries through the
id parameter. Exploitation can be performed using SQLMap, potentially leading to remote code execution by uploading backdoor files to the web application directory. The API endpoint affected is the candidate management endpoint.Recommendations
Apply input validation and parameterized queries to the
id parameter in the candidate management endpoint.Exploit
Correção
RCE
SQL injection
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Election