CVE-2020-36945 HIGH

CVE-2020-36945: WebDamn User Registration & Login System with User Panel - SQLi Auth Bypass

Vendor Webdamn.com
Product WebDamn User Registration & Login System with User Panel
Weakness CWE-89 · SQLi
Published January 28, 2026
Last update January 29, 2026

CVSS base score

8.8/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N

What the vulnerability does

01Description

WebDamn User Registration Login System contains a SQL injection vulnerability that allows unauthenticated attackers to bypass login authentication by manipulating email credentials. Attackers can inject the payload '<email>' OR '1'='1' in both username and password fields to gain unauthorized access to the user panel.

Key dates

02Disclosure timeline

January 28, 2026 CVE published
January 29, 2026 Record updated