CVE-2021-4301

Summary

A vulnerability was found in slackero phpwcms up to 1.9.26 and classified as critical. Affected by this issue is some unknown functionality. The manipulation of the argument $phpwcms['db_prepend'] leads to sql injection. The attack may be launched remotely. Upgrading to version 1.9.27 is able to address this issue. The patch is identified as 77dafb6a8cc1015f0777daeb5792f43beef77a9d. It is recommended to upgrade the affected component. VDB-217418 is the identifier assigned to this vulnerability.

Affected Software

VendorProductVersion RangeStatus
slackerophpwcms1.9.0affected
slackerophpwcms1.9.1affected
slackerophpwcms1.9.2affected
slackerophpwcms1.9.3affected
slackerophpwcms1.9.4affected
slackerophpwcms1.9.5affected
slackerophpwcms1.9.6affected
slackerophpwcms1.9.7affected
slackerophpwcms1.9.8affected
slackerophpwcms1.9.9affected
slackerophpwcms1.9.10affected
slackerophpwcms1.9.11affected
slackerophpwcms1.9.12affected
slackerophpwcms1.9.13affected
slackerophpwcms1.9.14affected
slackerophpwcms1.9.15affected
slackerophpwcms1.9.16affected
slackerophpwcms1.9.17affected
slackerophpwcms1.9.18affected
slackerophpwcms1.9.19affected
slackerophpwcms1.9.20affected
slackerophpwcms1.9.21affected
slackerophpwcms1.9.22affected
slackerophpwcms1.9.23affected
slackerophpwcms1.9.24affected
slackerophpwcms1.9.25affected
slackerophpwcms1.9.26affected

Weaknesses

  • CWE-89: CWE-89 SQL Injection

ADP Enrichment

CVE Program Container

Additional References

References