CVE-2020-36999
Description
Elaniin CMS 1.0 contains an authentication bypass vulnerability that allows attackers to access the dashboard by manipulating the login page with SQL injection. Attackers can bypass authentication by sending crafted email and password parameters with '=''or' payload to login.php, granting unauthorized access to the system.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Elaniin CMS 1.0 authentication bypass via SQL injection allows unauthenticated attackers to access the admin dashboard with a crafted payload.
Vulnerability Analysis
Elaniin CMS 1.0 is vulnerable to an SQL injection-based authentication bypass in the login.php script. The application fails to properly sanitize the email and password parameters, allowing an attacker to inject SQL statements directly into the login query [2][3]. Specifically, sending the payload '=''or' in both fields causes the SQL statement to evaluate as true, bypassing credential verification entirely [1][3].
Attack Vector
The attack requires no authentication and can be executed remotely over the network. An attacker simply sends a POST request to /elaniin/login.php with the malicious parameters. The low complexity of the exploitation — only a basic HTTP request is needed — combined with no required privileges, makes this vulnerability easily exploitable [2][3]. The attack surface is the login form exposed to any user.
Impact
Successful exploitation grants the attacker unauthorized access to the CMS dashboard. Depending on the CMS configuration, this could lead to full administrative control, including the ability to modify site content, access user data, or further compromise the underlying server [1][2]. The CVSS v3 score of 8.2 reflects high impact on confidentiality and low impact on integrity, with no impact on availability [2].
Mitigation
As of this analysis, no official patch has been released for Elaniin CMS 1.0. The vendor's GitHub repository has not addressed this vulnerability [1]. Organizations using this CMS should immediately implement input validation and parameterized queries to prevent SQL injection. Until a fix is available, restricting network access to the login page and using a web application firewall (WAF) may reduce risk.
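The following is an added example, written for this page and not code from Elaniin CMS, that puts the concatenated login query the description implies beside the parameterized, hash-verified form the mitigation calls for. The user table, email address and password are constructed for the demo. One caveat: whether the page's '=''or' payload actually evaluates to true depends on the database's comparison rules (MySQL coerces '' to 0, so 0='' holds; SQLite compares strictly), so the example does not assert a bypass. It instead strips quoted literals from the generated SQL and checks whether the input has escaped its quotes and introduced an OR into the query structure, which is the defect regardless of backend, and it shows that the bound-parameter version never lets the input touch the query shape at all.

```python
import hashlib
import hmac
import os
import re
import sqlite3

# Constructed schema and credentials for this example only (not Elaniin CMS data).
DEMO_EMAIL = "admin@example.test"
DEMO_PASSWORD = "correct horse"


def _pbkdf2(password: str, salt: bytes) -> bytes:
    # Salted PBKDF2 so the stored value is a hash, never the plaintext password.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


def make_demo_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, email TEXT, pw_salt BLOB, pw_hash BLOB)")
    salt = os.urandom(16)
    conn.execute("INSERT INTO users (email, pw_salt, pw_hash) VALUES (?, ?, ?)",
                 (DEMO_EMAIL, salt, _pbkdf2(DEMO_PASSWORD, salt)))
    conn.commit()
    return conn


def build_vulnerable_query(email: str, password: str) -> str:
    # The pattern the advisory describes: request parameters concatenated into SQL.
    # Returned as text only, so the effect of an input on query structure can be inspected.
    return ("SELECT id FROM users WHERE email='" + email
            + "' AND password='" + password + "'")


# A quoted SQL string literal, with '' as the escaped quote.
_STRING_LITERAL = re.compile(r"'(?:[^']|'')*'")


def _bare_tokens(sql: str) -> set:
    # Replace every well-formed literal with a placeholder and collect the remaining words.
    return {tok.upper() for tok in re.findall(r"[A-Za-z]+", _STRING_LITERAL.sub("?", sql))}


# Words present in the template when the inputs stay inside their quotes.
_BASELINE_TOKENS = _bare_tokens(build_vulnerable_query("x", "x"))


def injected_keywords(sql: str) -> set:
    # Any word outside the template's own set means an input broke out of its quotes
    # and became part of the query structure (for the page's payload this is OR).
    return _bare_tokens(sql) - _BASELINE_TOKENS


def validate_email(email: str) -> bool:
    # Input validation at the boundary: a login identifier must look like an address
    # and must not carry quote characters at all.
    return re.fullmatch(r"[^@\s']+@[^@\s']+\.[^@\s']+", email) is not None


def safe_login(conn: sqlite3.Connection, email: str, password: str) -> bool:
    # Hardened form: the query shape is fixed and the email is bound as a value.
    # The password never enters SQL; the stored hash is fetched and compared in constant time.
    row = conn.execute("SELECT pw_salt, pw_hash FROM users WHERE email = ?", (email,)).fetchone()
    if row is None:
        return False
    salt, stored = row
    return hmac.compare_digest(stored, _pbkdf2(password, salt))


if __name__ == "__main__":
    payload = "'=''or'"  # the string from the CVE description
    print(build_vulnerable_query(payload, payload))
    print("structure changed by input:", injected_keywords(build_vulnerable_query(payload, payload)))
    db = make_demo_db()
    print("safe_login with real credentials:", safe_login(db, DEMO_EMAIL, DEMO_PASSWORD))
    print("safe_login with payload:", safe_login(db, payload, payload))
```

The `injected_keywords` check is also the kind of logic a WAF rule or log review can apply to the login form while a patch is pending: for this template the only legitimate bare keywords are those of the fixed query, so any extra one is evidence that a request altered the statement rather than supplied a value.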
AI Insight generated on May 19, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products: 2
Patches: 0
No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References: 3
News mentions: 0
No linked articles in our index yet.