CVE-2021-47918
Remote SQL Injection in Simple CMS 2.1 Users Module
Publication date: 2026-02-01
Last updated on: 2026-02-11
Assigner: VulnCheck
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| simplephpscripts | simple_cms_php | 2.1 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-89 | The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data. |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2021-47918 is a remote SQL injection vulnerability in Simplephpscripts Simple CMS version 2.1. It exists in the users module within the admin.php file, specifically in the newUser and editUser functions handling POST requests. Privileged attackers (with moderator-level access) can submit crafted input parameters such as name, username, and password that are not properly sanitized. This allows them to inject arbitrary SQL commands into the database, potentially compromising the database management system, web server, and the web application. Exploitation requires privileged authentication and sending a specially crafted POST request to admin.php?act=users. [1]
How can this vulnerability impact me?
This vulnerability can allow an attacker with privileged access to execute arbitrary SQL commands on the backend database. This can lead to unauthorized data access, modification, or corruption within the database, potentially compromising sensitive user information and the integrity of the web application. It may also expose the web server to further attacks and disrupt normal application functionality. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by attempting to trigger SQL errors through crafted POST requests to the admin.php?act=users endpoint, specifically targeting the 'name', 'username', and 'password' parameters in the users module. For example, submitting a username containing special characters such as single or double quotes can cause unfiltered MySQL exceptions, indicating the presence of the vulnerability. Detection can involve sending POST requests with payloads designed to cause SQL syntax errors and observing if SQL error messages are returned. Specific commands would involve using tools like curl or Burp Suite to send POST requests with malicious input to admin.php?act=users while authenticated as a privileged user. [1]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include:
1) Disabling the display of SQL error messages on both frontend and backend to prevent leakage of database query details.
2) Restricting input parameters by disallowing special characters such as single and double quotes in the user input fields.
3) Implementing input validation or filtering mechanisms to detect and block malformed or malicious SQL queries.
4) Ensuring strict access control by limiting privileged access to the admin panel.
Longer-term fixes involve using prepared statements for all SQL queries handling POST requests to prevent SQL injection. [1]
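As an added example that is not Simple CMS's own code, the following PHP places the string-concatenation pattern behind CWE-89 next to the prepared-statement form recommended as the long-term fix, for a user-creation handler of the kind the Q&A describes. The table and column names, DSN, credentials and function names are assumptions.

```php
<?php
declare(strict_types=1);

// Assumed DSN and credentials; a real deployment reads these from its config.
function connectDb(): PDO
{
    return new PDO('mysql:host=localhost;dbname=simple_cms;charset=utf8mb4', 'cms_user', 'secret', [
        PDO::ATTR_ERRMODE          => PDO::ERRMODE_EXCEPTION,
        PDO::ATTR_EMULATE_PREPARES => false, // use real server-side prepared statements
    ]);
}

// Defective pattern (CWE-89): request values are spliced into the SQL text, so a
// quote inside $username or $name is parsed as SQL rather than as data.
function newUserVulnerable(PDO $pdo, string $name, string $username, string $password): void
{
    $sql = "INSERT INTO users (name, username, password) VALUES ('$name', '$username', '$password')";
    $pdo->exec($sql);
}

// Hardened version: the SQL text is constant and the values are bound parameters,
// so the database never interprets their contents as query syntax. The password is
// also stored hashed instead of in clear text.
function newUserSafe(PDO $pdo, string $name, string $username, string $password): int
{
    if ($username === '' || strlen($username) > 64) {
        throw new InvalidArgumentException('invalid username');
    }
    $stmt = $pdo->prepare('INSERT INTO users (name, username, password) VALUES (:name, :username, :password)');
    $stmt->execute([
        ':name'     => $name,
        ':username' => $username,
        ':password' => password_hash($password, PASSWORD_DEFAULT),
    ]);
    return (int) $pdo->lastInsertId();
}

try {
    $pdo = connectDb();
    $id  = newUserSafe($pdo, $_POST['name'] ?? '', $_POST['username'] ?? '', $_POST['password'] ?? '');
    echo "created user $id";
} catch (PDOException $e) {
    // Keep driver messages out of the response (mitigation step 1); log them server-side.
    error_log('newUser failed: ' . $e->getMessage());
    http_response_code(500);
    echo 'Could not create user.';
}
```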
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
The provided resources do not explicitly discuss the impact of this vulnerability on compliance with common standards and regulations such as GDPR or HIPAA. However, since the vulnerability allows privileged attackers to perform remote SQL injection and potentially compromise the database and web application, it could lead to unauthorized access or exposure of sensitive personal data. This in turn may result in non-compliance with data protection regulations that require safeguarding personal information. Therefore, organizations using Simple CMS 2.1 should consider this vulnerability a risk to compliance and take appropriate mitigation steps. [1]