CVE-2020-36999

Name of the Vulnerable Software and Affected Versions Elaniin CMS version 1.0

Description An authentication bypass exists that allows unauthorized access to the dashboard via SQL injection on the login page. Attackers can gain access by sending crafted email and password parameters containing the '=''or' payload to the 'login.php' endpoint.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.