Cyber Resilience

CVE-2020-37154

HighPublic PoC

Published: 07 February 2026

Published
07 February 2026
Modified
15 April 2026
KEV Added
Patch
CVSS Score v4 7.1 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
EPSS Score 0.0003 9.3th percentile
Risk Priority 14 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2020-37154 is a high-severity SQL Injection (CWE-89) vulnerability in Sourceforge (inferred from references). Its CVSS base score is 7.1 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 9.3th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and AC-6 (Least Privilege).

Deeper analysis

CVE-2020-37154 is an authenticated SQL injection vulnerability (CWE-89) in eLection 2.0, affecting the candidate management endpoint via the 'id' parameter. This flaw allows attackers to manipulate database queries in the open-source election management software hosted on SourceForge under the election-by-tripath project. The vulnerability carries a CVSS v3.1 base score of 7.1 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N) and was published on 2026-02-07.

Authenticated attackers with low privileges can exploit this vulnerability remotely with low complexity and no user interaction required. By injecting malicious payloads through the 'id' parameter, they can manipulate database queries, and tools like SQLMap enable escalation to remote code execution, such as uploading backdoor files to the web application directory, resulting in high confidentiality impact and low integrity impact.

Advisories and references, including a GitHub proof-of-concept detailing SQLi to RCE (https://github.com/J3rryBl4nks/eLection-TriPath-/blob/master/SQLiIntoRCE.md), an Exploit-DB entry (https://www.exploit-db.com/exploits/48122), a VulnCheck advisory (https://www.vulncheck.com/advisories/election-id-sql-injection), and the SourceForge project page (https://sourceforge.net/projects/election-by-tripath/), document the issue and provide exploitation details but do not specify patches or mitigations in the available information.

EU & UK References

Vulnerability details

eLection 2.0 contains an authenticated SQL injection vulnerability in the candidate management endpoint that allows attackers to manipulate database queries through the 'id' parameter. Attackers can leverage SQLMap to exploit the vulnerability, potentially gaining remote code execution by uploading backdoor…

more

files to the web application directory.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
T1505.003 Web Shell Persistence
Adversaries may backdoor web servers with web shells to establish persistent access to systems.
Why these techniques?

SQL injection in public-facing web app directly enables T1190 exploitation; documented escalation to web shell/backdoor upload enables T1505.003.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2026-22850Shared CWE-89
CVE-2026-22730Shared CWE-89
CVE-2026-30860Shared CWE-89
CVE-2026-41640Shared CWE-89
CVE-2026-22687Shared CWE-89
CVE-2023-7337Shared CWE-89
CVE-2026-36962Shared CWE-89
CVE-2026-2993Shared CWE-89
CVE-2026-28438Shared CWE-89
CVE-2026-32628Shared CWE-89

Affected Assets

Sourceforge
inferred from references and description; NVD did not file a CPE for this CVE

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly requires validation and sanitization of the 'id' parameter to block malicious SQL payloads before they reach the database.

prevent

Restricts the authenticated user's database privileges so that even a successful SQLi via the candidate endpoint cannot easily achieve file-upload RCE.

detect

Enables monitoring of database query patterns and anomalies on the candidate management endpoint to identify SQLMap-driven exploitation attempts.

References