elaniin CMS 1.0 - Authentication Bypass | Advisories

Advisories

elaniin CMS 1.0 - Authentication Bypass

severity: high
date: January 29, 2026
Affecting: Elaniin CMS 1.0
CVE: CVE-2020-36999
CWE: CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVSS: 8.8
CVSS V4 Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N
References: ExploitDB-48705
Vendor Homepage
Elaniin CMS GitHub Repository
Credit: BKpatron
Description: Elaniin CMS 1.0 contains an authentication bypass vulnerability that allows attackers to access the dashboard by manipulating the login page with SQL injection. Attackers can bypass authentication by sending crafted email and password parameters with '=''or' payload to login.php, granting unauthorized access to the system.