CVE-2020-37156 MEDIUM

CVE-2020-37156: BloodX 1.0 - Authentication Bypass

Vendor Diveshlunker
Product BloodX
Weakness CWE-288
Published February 11, 2026
Last update March 5, 2026

CVSS base score

6.9/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality Low
Integrity Low

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N

What the vulnerability does

01 Description

BloodX 1.0 contains an authentication bypass vulnerability in login.php that allows attackers to access the dashboard without valid credentials. Attackers can exploit the vulnerability by sending a crafted payload with '=''or' parameters to bypass login authentication and gain unauthorized access.

Key dates

02 Disclosure timeline

February 11, 2026 CVE published
March 5, 2026 Record updated