CVE-2021-28999: SQL Injection
First published: Mon May 08 2023(Updated: )
SQL Injection vulnerability in CMS Made Simple through 2.2.15 allows remote attackers to execute arbitrary commands via the m1_sortby parameter to modules/News/function.admin_articlestab.php.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Cmsmadesimple Cms Made Simple | <=2.2.15 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2021-28999?
CVE-2021-28999 is a SQL Injection vulnerability in CMS Made Simple through version 2.2.15.
How severe is CVE-2021-28999?
CVE-2021-28999 has a severity rating of 8.8 (high).
How does CVE-2021-28999 impact the affected software?
CVE-2021-28999 allows remote attackers to execute arbitrary commands via the m1_sortby parameter in the modules/News/function.admin_articlestab.php file.
How can I fix CVE-2021-28999?
To fix CVE-2021-28999, upgrade CMS Made Simple to version 2.2.16 or higher.
Where can I find more information about CVE-2021-28999?
Additional information about CVE-2021-28999 can be found at: [https://seclists.org/fulldisclosure/2021/Mar/49](https://seclists.org/fulldisclosure/2021/Mar/49) and [https://github.com/beerpwn/CVE/blob/master/cms_made_simple_2021/sqli_order_by/CMS-MS-SQLi-report.md](https://github.com/beerpwn/CVE/blob/master/cms_made_simple_2021/sqli_order_by/CMS-MS-SQLi-report.md)
- collector/nvd-latest
- collector/nvd-index
- agent/references
- agent/type
- vendor/cmsmadesimple
- canonical/cmsmadesimple cms made simple
- version/cmsmadesimple cms made simple/2.2.15