CVE-2021-47801

HIGH

Vianeos OctoPUS 5 - Time-Based Blind SQL Injection via Login User Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2021-47801. PoCs published by Audencia Business SCHOOL Red Team.

AI-analyzed exploit summary: This exploit demonstrates a time-based blind SQL injection vulnerability in Vianeos OctoPUS 5 via the 'login_user' POST parameter. The payload uses a SLEEP function to confirm the vulnerability.

Description

Vianeos OctoPUS 5 contains a time-based blind SQL injection vulnerability in the 'login_user' parameter during authentication requests. Attackers can exploit this vulnerability by crafting malicious POST requests with specially constructed SQL payloads that trigger database sleep functions to extract information.

Exploits (1)

exploitdb WORKING POC
by Audencia Business SCHOOL Red Team · text · webapps · multiple
https://www.exploit-db.com/exploits/50078

Classification: Working PoC 90%
Attack Type: SQLi
Complexity: Trivial
Reliability: Reliable
Target: Vianeos OctoPUS > V5
No auth needed
Prerequisites: Access to the login page of the target application
devstral-2 · analyzed Feb 16, 2026

References (4)

Core References
Exploit, Third Party Advisory exploit
https://www.exploit-db.com/exploits/50078
Various Sources product
http://www.vianeos.com/en/home-vianeos/
Various Sources product
https://vianeos.com/en/products/octopus

Scores

CVSS v3 8.2
EPSS 0.0035
EPSS Percentile 26.7%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N

CISA SSVC

Vulnrichment
Exploitation poc
Automatable yes
Technical Impact partial

Details

CWE
CWE-89
Status published
Published Jan 16, 2026
Tracked Since Feb 18, 2026