CVE-2021-28999

CVSS V2 None CVSS V3 None

Description

SQL Injection vulnerability in CMS Made Simple through 2.2.15 allows remote attackers to execute arbitrary commands via the m1_sortby parameter to modules/News/function.admin_articlestab.php.

Overview

CVE ID
CVE-2021-28999

Assigner
cve@mitre.org

Vulnerability Status
Awaiting Analysis

Published Version
2023-05-08T14:15:10

Last Modified Date
2023-05-08T14:17:28

References

Reference URL	Reference Tags
https://github.com/beerpwn/CVE/blob/master/cms_made_simple_2021/sqli_order_by/CMS-MS-SQLi-report.md
https://seclists.org/fulldisclosure/2021/Mar/49

Sources

Source Name	Source URL
NIST	https://nvd.nist.gov/vuln/detail/CVE-2021-28999
MITRE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28999

History

Created	Old Value	New Value	Data Type	Notes
2023-05-08 15:01:22				Added to TrackCVE