HIGH SeverityCVSS 4.07.1CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N

CVE-2021-47980

Last updated May 16, 2026 · Published May 16, 2026

Description

Fuel CMS 1.4.13 contains a blind SQL injection vulnerability that allows authenticated attackers to manipulate database queries by injecting SQL code through the 'col' parameter in the Activity Log interface. Attackers can send requests to the logs endpoint with malicious SQL payloads in the 'col' parameter to extract database information based on response time delays.

Affected products

1 listed

Getfuelcms:Fuel CMS

Mappings

CWE

CWE-89

CAPEC

None listed.

Research

SQL InjectionCovers how unsafe query construction enables data theft and database compromise. Provides parameterization and…

Guides

SQL Injection Prevention with PrismaSafe patterns for raw queries and dynamic filters.

Training

Injection TodaySQL, NoSQL, ORM, and LLM injection - what's changed and what hasn't.

CVE-2021-47980

Description

Affected products

Mappings

Related