CVE-2021-47916
Remote SQL Injection in Simple CMS 2.1 Users Module
Publication date: 2026-02-01
Last updated on: 2026-02-01
Assigner: VulnCheck
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| unknown_vendor | simple_cms | to 2.1 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-89 | The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2021-47916 is a high-severity remote SQL injection vulnerability in Simple CMS version 2.1 and earlier, specifically in the users module. It allows privileged attackers to inject malicious SQL commands through unvalidated input parameters in the admin.php file. This can compromise the database management system and the web application by executing unauthorized SQL commands. [1]
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, ensure that all input parameters in the admin.php file, especially in the users module, are properly validated and sanitized to prevent SQL injection. Limit privileges to only necessary users to reduce risk, and apply any available patches or updates for Simple CMS version 2.1 or earlier. Additionally, monitor and restrict access to the admin.php file to trusted users only. [1]
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
The provided information does not specify how this vulnerability affects compliance with common standards and regulations such as GDPR or HIPAA.
How can this vulnerability impact me? :
This vulnerability can lead to compromise of the database and web application, allowing attackers to breach data confidentiality and integrity. Attackers with some level of privilege can manipulate or access sensitive data, potentially causing data breaches or unauthorized data manipulation. [1]