CVE-2021-47918
8.6
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
Summary
Simple CMS 2.1 contains a remote SQL injection vulnerability that allows privileged attackers to inject unfiltered SQL commands in the users module. Attackers can exploit unvalidated input parameters in the admin.php file to compromise the database management system and web application.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Simplephpscripts | Simple CMS | 2.1 | affected |
Weaknesses
- CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: poc
- Automatable: no
- Technical Impact: total
References
- https://www.vulnerability-lab.com/get_content.php?id=2303
- https://simplephpscripts.com/simple-cms-php
- https://www.vulncheck.com/advisories/simple-cms-sql-injection-vulnerability-via-users-module2
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.