VYPR
High severity8.2NVD Advisory· Published Jan 29, 2026· Updated Apr 15, 2026

CVE-2020-36999

CVE-2020-36999

Description

Elaniin CMS 1.0 contains an authentication bypass vulnerability that allows attackers to access the dashboard by manipulating the login page with SQL injection. Attackers can bypass authentication by sending crafted email and password parameters with '=''or' payload to login.php, granting unauthorized access to the system.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • Elaniin/CMSreferences2 versions
    (expand)+ 1 more
    • (no CPE)
    • (no CPE)range: = 1.0

Patches

Vulnerability mechanics

References

3

News mentions

0

No linked articles in our index yet.