CVE-2021-47918

HIGH 8.1

Simple CMS 2.1 SQL Injection Vulnerability via Users Module

CVSS Score

8.1

EPSS Score

0.0%

EPSS Percentile

0th

Simple CMS 2.1 contains a remote SQL injection vulnerability that allows privileged attackers to inject unfiltered SQL commands in the users module. Attackers can exploit unvalidated input parameters in the admin.php file to compromise the database management system and web application.

CWE	CWE-89
Vendor	simplephpscripts
Product	simple cms
Published	Feb 1, 2026
Last Updated	Mar 5, 2026

Stay Ahead of the Next One

Get instant alerts for simplephpscripts simple cms

Be the first to know when new high vulnerabilities affecting simplephpscripts simple cms are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

None

Affected Versions

Simplephpscripts / Simple CMS

2.1

References

NVD ↗ CVE.org ↗ EPSS Data ↗

vulnerability-lab.com: https://www.vulnerability-lab.com/get_content.php?id=2303 simplephpscripts.com: https://simplephpscripts.com/simple-cms-php vulncheck.com: https://www.vulncheck.com/advisories/simple-cms-sql-injection-vulnerability-via-users-module2

Credits

Vulnerability-Lab [Research Team]