Vulnerability Description
SEO Panel versions prior to 4.9.0 contain a blind SQL injection vulnerability in the archive.php page that allows authenticated attackers to manipulate database queries through the 'order_col' parameter. Attackers can use sqlmap to exploit the vulnerability and extract database information by injecting malicious SQL code into the order column parameter.
CVSS Score
HIGH
References
- https://github.com/seopanel/Seo-Panel/issues/209
- https://github.com/seopanel/Seo-Panel/releases/tag/4.9.0
- https://www.exploit-db.com/exploits/49666
- https://www.seopanel.org/
- https://www.vulncheck.com/advisories/seo-panel-ordercol-blind-sql-injection
FAQ
What is CVE-2021-47872?
CVE-2021-47872 is a vulnerability with a CVSS score of 7.1 (HIGH). SEO Panel versions prior to 4.9.0 contain a blind SQL injection vulnerability in the archive.php page that allows authenticated attackers to manipulate database queries through the 'order_col' paramet...
How severe is CVE-2021-47872?
CVE-2021-47872 has been rated HIGH with a CVSS base score of 7.1/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2021-47872?
Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.