# Exploit Title: We-com OpenData CMS 2.0 Authentication Bypass / SQL Injection  
# Google Dork:N/A  
# Date: 2020-04-17  
# Exploit Author: @ThelastVvV  
# Vendor Homepage:  
# Version: 2.0  
# Tested on: 5.5.0-kali1-amd64  
Vendor contact timeline:  
2020-05-05: Contacting vendor through  
2020-05-26: A Patch is published in the version  
2020-06-01: Release of security advisory  
Authentication Bypass / SQL Injection in the opendata 2.0 CMS  
USERNAME: admin' or '1' = '1'; -- -   
the SQL injection attack has resulted in a bypass of the login,to confirm you will get a reponse in header of the page with "okokokokokokokokokokokokokok"  
But will not redirect you to the control panel so you wil need to do it manual  
and we are now authenticated as "adminstrator".