PT-2026-6822 · Election · Election
J3Rrybl4Nks
·
Published
2026-02-06
·
Updated
2026-02-07
·
CVE-2020-37154
CVSS v3.1
7.1
High
| Vector | AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
eLection version 2.0
Description
The software contains an authenticated SQL injection issue in the candidate management endpoint. Attackers can manipulate database queries through the
id parameter. Exploitation can be performed using SQLMap, potentially leading to remote code execution by uploading backdoor files to the web application directory. The API endpoint affected is the candidate management endpoint.Recommendations
Apply input validation and parameterized queries to the
id parameter in the candidate management endpoint.Exploit
Fix
RCE
SQL injection
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Election