CNNVD-202602-1164 Information

CNNVD ID

CNNVD-202602-1164

Related CVE

CVE-2020-37154

• CNNVD Published: 2026-02-07

Description (Chinese)

eLection是fauzantrif个人开发者的一个选举项目内容管理系统。 eLection 2.0版本存在SQL注入漏洞，该漏洞源于候选人管理端点中参数id未经验证，可能导致SQL注入攻击。

Description (English)

ELECTIONS is an electoral project content management system for personal developers in fauzantrif. ELaction 2.0 has an injection loophole in SQL, which stems from the unverified parameter id in the candidate management endpoint, which could lead to an attack on SQL.

Hazard Level

Medium

Vulnerability Type

SQL注入

Affected Vendor

个人开发者

Published

2026-02-07

Last Modified

2026-02-24

References

https://github.com/J3rryBl4nks/eLection-TriPath-/blob/master/SQLiIntoRCE.md https://sourceforge.net/projects/election-by-tripath/ https://www.exploit-db.com/exploits/48122 https://www.vulncheck.com/advisories/election-id-sql-injection