Key information

1. Vulnerability title - Elaniin CMS 1.0 - Authentication Bypass
2. Severity - High
3. Date - January 29, 2026
4. Impact - Affecting: Elaniin CMS 1.0
5. CVE - CVE-2020-36999
6. CWE - CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
7. CVSS v3 score - 7.5 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/SC:H/CI:H/IA:H
8. References - ExploitDB-48705 - Vendor Homepage - Elaniin CMS GitHub Repository
9. Contributor - BKpatron
10. Description - Elaniin CMS 1.0 contains an authentication bypass vulnerability that allows attackers to access the dashboard by manipulating the login page with SQL injection. Attackers can bypass authentication by sending crafted email and password parameters with "='or' payload to login.php, granting unauthorized access to the system.
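
The CWE-89 pattern named in the description, shown beside its parameterized fix. This is an added illustration, not code from Elaniin CMS or from the referenced exploit: the table, the function names `login_concat` and `login_bound`, and the sample inputs are constructed, and an in-memory SQLite database (PHP with the `pdo_sqlite` extension) stands in for the application's database.

```php
<?php
// Constructed schema and data for illustration only; not the Elaniin CMS schema.
// Password storage (hashing and verification) is outside this example's scope.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, email TEXT UNIQUE, password TEXT)');
$db->prepare('INSERT INTO users (email, password) VALUES (?, ?)')
   ->execute(['admin@example.test', 'constructed-secret']);

// Vulnerable pattern (hypothetical): request values are concatenated into the
// SQL text, so a quote in either field changes the structure of the WHERE clause.
function login_concat(PDO $db, string $email, string $password): bool
{
    $sql = "SELECT id FROM users WHERE email = '$email' AND password = '$password'";
    return $db->query($sql)->fetch() !== false;
}

// Hardened pattern (hypothetical): the statement text is fixed and both values
// are bound as data, so quotes in the input are compared literally.
function login_bound(PDO $db, string $email, string $password): bool
{
    $stmt = $db->prepare('SELECT id FROM users WHERE email = :email AND password = :password');
    $stmt->execute([':email' => $email, ':password' => $password]);
    return $stmt->fetch() !== false;
}

// Constructed inputs: a valid login, a wrong password, and a quote-bearing
// value of the kind the description refers to (SQLite syntax, not the page's payload).
$cases = [
    'valid credentials'   => ['admin@example.test', 'constructed-secret'],
    'wrong password'      => ['admin@example.test', 'wrong'],
    'quote-bearing input' => ["' OR '1'='1", "' OR '1'='1"],
];

foreach ($cases as $label => [$email, $password]) {
    printf(
        "%-20s concat=%-5s bound=%s\n",
        $label,
        var_export(login_concat($db, $email, $password), true),
        var_export(login_bound($db, $email, $password), true)
    );
}
```

The two functions agree on the first two cases and differ only on the quote-bearing input, which makes the pair usable as a regression check after a login query is converted to bound parameters.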