CVE-2020-29472

An attacker navigates to the admin login page at `/admin/login.php` and submits the payload `admin' or '1'='1` in both the User ID and Password fields [ref_id=1]. The application does not sanitize or parameterize these inputs before constructing SQL queries, allowing the injected payload to alter the query logic. The condition `'1'='1'` always evaluates to true, bypassing authentication and granting the attacker admin panel access without valid credentials [ref_id=1].

The vulnerability exists in the admin login page at `/admin/login.php` of the Under Construction Page with cPanel 1.0 application [ref_id=1]. The exact file and function responsible for handling authentication are not specified in the advisory, but the login form accepts unsanitized user input for both the User ID and Password fields [ref_id=1].

No patch or official fix is provided in the advisory [ref_id=1]. The remediation guidance implied by the disclosure is to implement parameterized queries (prepared statements) or proper input sanitization on the login form fields to prevent SQL injection. Without such changes, the authentication mechanism remains vulnerable to the trivial `' or '1'='1` bypass [ref_id=1].

1. Open the admin login page at `http://localhost/Under%20Construction/admin/login.php`. 2. Enter the payload `admin' or '1'='1` in both the User ID and Password fields. 3. Submit the form; the server accepts the payload and grants admin panel access without valid credentials [ref_id=1].