CVE-2021-28419

HIGH

SEO Panel 4.8.0 - SQL Injection via order_col Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2021-28419. PoCs published by nu11secur1ty.

AI-analyzed exploit summary This exploit demonstrates a blind SQL injection vulnerability in SEO Panel 4.8.0 via the 'order_col' parameter. It uses Selenium to automate login and then triggers a time-based SQL injection payload to confirm the vulnerability.

Description

The "order_col" parameter in archive.php of SEO Panel 4.8.0 is vulnerable to time-based blind SQL injection, which leads to the ability to retrieve all databases.

Exploits (1)

exploitdb WORKING POC

by nu11secur1ty · pythonwebappsphp

https://www.exploit-db.com/exploits/49804

View Code ZIP pw:eip

This exploit demonstrates a blind SQL injection vulnerability in SEO Panel 4.8.0 via the 'order_col' parameter. It uses Selenium to automate login and then triggers a time-based SQL injection payload to confirm the vulnerability.

Classification

Working Poc 95%

Attack Type

Sqli

Complexity

Moderate

Reliability

Reliable

Target: SEO Panel 4.8.0

Auth required

Prerequisites: Valid credentials for the SEO Panel · Access to the login page · Selenium and Chrome WebDriver installed

MITRE ATT&CK

T1189 - Drive-by Compromise T1190 - Exploit Public-Facing Application

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (2)

Core 2

Core References

Exploit, Third Party Advisory x_refsource_misc

https://github.com/seopanel/Seo-Panel/issues/209

Exploit, Third Party Advisory, VDB Entry x_refsource_misc

http://packetstormsecurity.com/files/162322/SEO-Panel-4.8.0-SQL-Injection.html

Scores

CVSS v3 7.2

EPSS 0.1067

EPSS Percentile 95.2%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-89

Status published

Products (1)

seopanel/seo_panel 4.8.0

Published Mar 18, 2021

Tracked Since Feb 18, 2026