CVE-2021-47918

Name of the Vulnerable Software and Affected Versions Simple CMS version 2.1

Description The Simple CMS software contains a remote SQL injection issue. Privileged attackers can inject unfiltered SQL commands in the users module. Attackers can exploit unvalidated input parameters in the admin.php file to compromise the database management system and web application.

Recommendations Update to a newer version that contains a fix for this vulnerability. As a temporary workaround, restrict access to the admin.php file to minimize the risk of exploitation.