CVE-2021-47918

HIGH

Simple CMS 2.1 - SQL Injection via Users Module Input Parameters

Title source: llm
STIX 2.1

Description

Simple CMS 2.1 contains a remote SQL injection vulnerability that allows privileged attackers to inject unfiltered SQL commands in the users module. Attackers can exploit unvalidated input parameters in the admin.php file to compromise the database management system and web application.

References (3)

Core 3

Scores

CVSS v3 8.1
EPSS 0.0051
EPSS Percentile 40.0%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

CISA SSVC

Vulnrichment
Exploitation poc
Automatable no
Technical Impact total

Details

CWE
CWE-89
Status published
Products (1)
simplephpscripts/simple_cms_php 2.1
Published Feb 01, 2026
Tracked Since Feb 18, 2026