CVEs-PoC/2020/CVE-2020-35276.md

### [CVE-2020-35276](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35276)
![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)

### Description

EgavilanMedia ECM Address Book 1.0 is affected by SQL injection. An attacker can bypass the Admin Login panel through SQLi and get Admin access and add or remove any user.

### POC

#### Reference
- https://hardik-solanki.medium.com/authentication-admin-panel-bypass-which-leads-to-full-admin-access-control-c10ec4ab4255

#### Github
No PoCs found on GitHub currently.