CVE-2021-46459: SQL Injection
First published: Mon Jan 31 2022(Updated: )
Victor CMS v1.0 was discovered to contain multiple SQL injection vulnerabilities in the component admin/users.php?source=add_user. These vulnerabilities can be exploited through a crafted POST request via the user_name, user_firstname,user_lastname, or user_email parameters.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Victor Cms Project Victor Cms | =1.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for the SQL injections in Victor CMS v1.0?
The vulnerability ID for the SQL injections in Victor CMS v1.0 is CVE-2021-46459.
What is the affected component in Victor CMS v1.0?
The affected component in Victor CMS v1.0 is admin/users.php?source=add_user.
How can the SQL injection vulnerabilities be exploited in Victor CMS v1.0?
The SQL injection vulnerabilities in Victor CMS v1.0 can be exploited through a crafted POST request via the user_name, user_firstname, user_lastname, or user_email parameters.
What is the severity of the SQL injection vulnerabilities in Victor CMS v1.0?
The severity of the SQL injection vulnerabilities in Victor CMS v1.0 is rated as high with a CVSS score of 7.5.
Is there any fix available for the SQL injection vulnerabilities in Victor CMS v1.0?
Yes, it is recommended to update Victor CMS to a patched version or apply necessary security patches to address the SQL injection vulnerabilities.
- collector/nvd-index
- agent/references
- agent/severity
- agent/author
- agent/tags
- agent/event
- agent/weakness
- agent/type
- agent/description
- vendor/victor cms project
- canonical/victor cms project victor cms
- version/victor cms project victor cms/1.0