WebDamn User Registration & Login System - SQLi Auth Bypass Severity: High Date: January 28, 2026 CWE: CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') CVSS V4 Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N References: ExploitDB-49170 Vendor Homepage Software Product Page Credit: Aakash Madaan Description: WebDamn User Registration Login System contains a SQL injection vulnerability that allows unauthenticated attackers to bypass login authentication by manipulating email credentials. Attackers can inject the payload '' OR '1'='1' in both username and password fields to gain unauthorized access to the user panel. Miscellaneous Information: VulnCheck helps organizations outpace adversaries with vulnerability intelligence that predicts avenues of attack with speed and accuracy.