{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2021-47918","assignerOrgId":"83251b91-4cc7-4094-a5c7-464a1b83ea10","state":"PUBLISHED","assignerShortName":"VulnCheck","dateReserved":"2026-02-01T11:24:18.715Z","datePublished":"2026-02-01T12:15:50.473Z","dateUpdated":"2026-03-05T01:29:18.686Z"},"containers":{"cna":{"providerMetadata":{"orgId":"83251b91-4cc7-4094-a5c7-464a1b83ea10","shortName":"VulnCheck","dateUpdated":"2026-03-05T01:29:18.686Z"},"datePublic":"2021-10-18T00:00:00.000Z","title":"Simple CMS 2.1 SQL Injection Vulnerability via Users Module","descriptions":[{"lang":"en","value":"Simple CMS 2.1 contains a remote SQL injection vulnerability that allows privileged attackers to inject unfiltered SQL commands in the users module. Attackers can exploit unvalidated input parameters in the admin.php file to compromise the database management system and web application."}],"problemTypes":[{"descriptions":[{"lang":"en","description":"Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')","cweId":"CWE-89","type":"CWE"}]}],"affected":[{"vendor":"Simplephpscripts","product":"Simple CMS","versions":[{"version":"2.1","status":"affected"}],"defaultStatus":"unaffected"}],"cpeApplicability":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:simple-cms_project:simple_cms:2.1:*:*:*:*:*:*:*"}]}]}],"metrics":[{"cvssV4_0":{"Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","Safety":"NOT_DEFINED","attackComplexity":"LOW","attackRequirements":"NONE","attackVector":"NETWORK","baseScore":8.6,"baseSeverity":"HIGH","exploitMaturity":"NOT_DEFINED","privilegesRequired":"LOW","providerUrgency":"NOT_DEFINED","subAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","userInteraction":"NONE","valueDensity":"NOT_DEFINED","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N","version":"4.0","vulnAvailabilityImpact":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnerabilityResponseEffort":"NOT_DEFINED"},"format":"CVSS"},{"cvssV3_1":{"attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"NONE","baseScore":8.1,"baseSeverity":"HIGH","confidentialityImpact":"HIGH","integrityImpact":"HIGH","privilegesRequired":"LOW","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N","version":"3.1"},"format":"CVSS"}],"references":[{"url":"https://www.vulnerability-lab.com/get_content.php?id=2303","name":"Vulnerability Lab Advisory","tags":["exploit"]},{"url":"https://simplephpscripts.com/simple-cms-php","name":"Product Homepage","tags":["product"]},{"name":"VulnCheck Advisory: Simple CMS 2.1 SQL Injection Vulnerability via Users Module","tags":["third-party-advisory"],"url":"https://www.vulncheck.com/advisories/simple-cms-sql-injection-vulnerability-via-users-module2"}],"credits":[{"lang":"en","value":"Vulnerability-Lab [Research Team]","type":"finder"}],"x_generator":{"engine":"vulncheck"}},"adp":[{"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2026-02-02T18:06:45.419816Z","id":"CVE-2021-47918","options":[{"Exploitation":"poc"},{"Automatable":"no"},{"Technical Impact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2026-02-02T18:06:58.125Z"}}]}}