CVE-2021-34117

HIGH

SEO Panel 4.9.0 - SQL Injection via Username Parameter in getUserName Function

Title source: llm
STIX 2.1

Description

SQL Injection vulnerability in SEO Panel 4.9.0 in api/user.api.php in function getUserName in the username parameter, allows attackers to gain sensitive information.

References (3)

Core 3

Scores

CVSS v3 7.5
EPSS 0.0094
EPSS Percentile 56.8%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CISA SSVC

Vulnrichment
Exploitation none
Automatable yes
Technical Impact partial

Details

CWE
CWE-89
Status published
Products (1)
seopanel/seo_panel 4.9.0
Published Feb 15, 2023
Tracked Since Feb 18, 2026