← Back
2026-02-06 23:14CVE-2020-37154VulnCheck
PUBLISHED5.2CWE-89

eLection 2.0 - 'id' SQL Injection

eLection 2.0 contains an authenticated SQL injection vulnerability in the candidate management endpoint that allows attackers to manipulate database queries through the 'id' parameter. Attackers can leverage SQLMap to exploit the vulnerability, potentially gaining remote code execution by uploading backdoor files to the web application directory.

Problem type

Affected products

Tripath Project

eLection

2.0 - AFFECTED

References

ExploitDB-48122

https://www.exploit-db.com/exploits/48122

exploit
eLection Project Vendor Homepage

https://sourceforge.net/projects/election-by-tripath/

product
Researcher Exploit Disclosure

https://github.com/J3rryBl4nks/eLection-TriPath-/blob/master/SQLiIntoRCE.md

technical-descriptionexploit
VulnCheck Advisory: eLection 2.0 - 'id' SQL Injection

https://www.vulncheck.com/advisories/election-id-sql-injection

third-party-advisory

GitHub Security Advisories

GHSA-cgfw-66j9-q2xp

eLection 2.0 contains an authenticated SQL injection vulnerability in the candidate management...

https://github.com/advisories/GHSA-cgfw-66j9-q2xp

eLection 2.0 contains an authenticated SQL injection vulnerability in the candidate management endpoint that allows attackers to manipulate database queries through the 'id' parameter. Attackers can leverage SQLMap to exploit the vulnerability, potentially gaining remote code execution by uploading backdoor files to the web application directory.

nvd.nist.gov

https://nvd.nist.gov/vuln/detail/CVE-2020-37154

github.com

https://github.com/J3rryBl4nks/eLection-TriPath-/blob/master/SQLiIntoRCE.md

sourceforge.net

https://sourceforge.net/projects/election-by-tripath

exploit-db.com

https://www.exploit-db.com/exploits/48122

vulncheck.com

https://www.vulncheck.com/advisories/election-id-sql-injection

github.com

https://github.com/advisories/GHSA-cgfw-66j9-q2xp

JSON source

https://cveawg.mitre.org/api/cve/CVE-2020-37154
Click to expand
{
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2",
  "cveMetadata": {
    "cveId": "CVE-2020-37154",
    "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
    "assignerShortName": "VulnCheck",
    "dateUpdated": "2026-02-06T23:14:08.762Z",
    "dateReserved": "2026-02-03T16:27:45.309Z",
    "datePublished": "2026-02-06T23:14:08.762Z",
    "state": "PUBLISHED"
  },
  "containers": {
    "cna": {
      "providerMetadata": {
        "orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
        "shortName": "VulnCheck",
        "dateUpdated": "2026-02-06T23:14:08.762Z"
      },
      "datePublic": "2020-02-21T00:00:00.000Z",
      "title": "eLection 2.0 - 'id' SQL Injection",
      "descriptions": [
        {
          "lang": "en",
          "value": "eLection 2.0 contains an authenticated SQL injection vulnerability in the candidate management endpoint that allows attackers to manipulate database queries through the 'id' parameter. Attackers can leverage SQLMap to exploit the vulnerability, potentially gaining remote code execution by uploading backdoor files to the web application directory."
        }
      ],
      "affected": [
        {
          "vendor": "Tripath Project",
          "product": "eLection",
          "versions": [
            {
              "version": "2.0",
              "status": "affected"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "lang": "en",
              "description": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')",
              "cweId": "CWE-89",
              "type": "CWE"
            }
          ]
        }
      ],
      "references": [
        {
          "url": "https://www.exploit-db.com/exploits/48122",
          "name": "ExploitDB-48122",
          "tags": [
            "exploit"
          ]
        },
        {
          "url": "https://sourceforge.net/projects/election-by-tripath/",
          "name": "eLection Project Vendor Homepage",
          "tags": [
            "product"
          ]
        },
        {
          "url": "https://github.com/J3rryBl4nks/eLection-TriPath-/blob/master/SQLiIntoRCE.md",
          "name": "Researcher Exploit Disclosure",
          "tags": [
            "technical-description",
            "exploit"
          ]
        },
        {
          "url": "https://www.vulncheck.com/advisories/election-id-sql-injection",
          "name": "VulnCheck Advisory: eLection 2.0 - 'id' SQL Injection",
          "tags": [
            "third-party-advisory"
          ]
        }
      ],
      "metrics": [
        {
          "format": "CVSS"
        },
        {
          "format": "CVSS",
          "cvssV3_1": {
            "version": "3.1",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N",
            "attackVector": "NETWORK",
            "attackComplexity": "LOW",
            "privilegesRequired": "LOW",
            "userInteraction": "NONE",
            "scope": "UNCHANGED",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "LOW",
            "availabilityImpact": "NONE",
            "baseScore": 7.1,
            "baseSeverity": "HIGH"
          }
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "J3rryBl4nks",
          "type": "finder"
        }
      ]
    }
  }
}