CVE-2021-47918

high

Description

Simple CMS 2.1 contains a remote SQL injection vulnerability that allows privileged attackers to inject unfiltered SQL commands in the users module. Attackers can exploit unvalidated input parameters in the admin.php file to compromise the database management system and web application.

References

https://www.vulnerability-lab.com/get_content.php?id=2303

https://www.vulncheck.com/advisories/simple-cms-sql-injection-vulnerability-via-users-module2

https://simplephpscripts.com/simple-cms-php

Details

Source: Mitre, NVD

Published: 2026-02-01

Updated: 2026-02-01

Risk Information

CVSS v2

Base Score: 8.5

Vector: CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:N

Severity: High

CVSS v3

Base Score: 8.1

Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

Severity: High

CVSS v4

Base Score: 8.6

Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N

Severity: High