CVE-2021-47918

EUVD-2021-34753
Simple CMS 2.1 contains a remote SQL injection vulnerability that allows privileged attackers to inject unfiltered SQL commands in the users module. Attackers can exploit unvalidated input parameters in the admin.php file to compromise the database management system and web application.
SQL Injection
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
8.1 HIGH
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
VulnCheckCNA
8.1 HIGH
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 1%
Affected Products (NVD)
VendorProductVersion
simplephpscriptssimple_cms_php
2.1
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://simplephpscripts.com/simple-cms-php
https://www.vulncheck.com/advisories/simple-cms-sql-injection-vulnerability-via-users-module2
https://www.vulnerability-lab.com/get_content.php?id=2303