vendor:
elaniin CMS
by:
BKpatron
7.5
CVSS
HIGH
Authentication Bypass
287
CWE
Product Name: elaniin CMS
Affected Version From: 1.0
Affected Version To: 1.0
Patch Exists: NO
Related CWE: N/A
CPE: a:elaniin:elaniin_cms
Metasploit:
N/A
Other Scripts:
N/A
Platforms Tested: Win 10
2020
elaniin CMS 1.0 – Authentication Bypass
Attacker can bypass login page and access to dashboard page by sending a POST request with email and password parameters set to '=''or'
Mitigation:
Implement strong authentication mechanisms and use secure password policies
