VYPR
High severity 8.2 · NVD Advisory · Published May 16, 2026 · Updated May 18, 2026

CVE-2021-47954


Description

LayerBB 1.1.4 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the search_query parameter. Attackers can send POST requests to /search.php with malicious search_query values using CASE WHEN statements to extract sensitive database information.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

LayerBB 1.1.4 SQL injection via search_query allows unauthenticated attackers to extract database information.

Root Cause

LayerBB 1.1.4 is vulnerable to SQL injection due to improper neutralization of the search_query parameter in /search.php. The application fails to sanitize user-supplied input, allowing attackers to inject arbitrary SQL commands [1].

Exploitation

The vulnerability can be exploited by sending POST requests to /search.php with a crafted search_query value. Attackers can use CASE WHEN statements to conduct blind SQL injection, extracting data character by character without authentication [2].

Impact and Mitigation

Successful exploitation allows an unauthenticated attacker to retrieve sensitive information from the database, such as user credentials and other confidential data. As of the latest advisory, no patch has been released for LayerBB 1.1.4; users are advised to implement input validation or use a web application firewall to mitigate the risk [1].
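Since no patch exists, request inspection is the available control. The following is an added example, not code from LayerBB or from the advisory: a Python check that flags POST requests to search.php whose search_query field carries a CASE WHEN construct, including variants hidden behind inline comments or repeated URL-encoding. The record layout, the sample requests and the suffix match on the path (to cover sub-directory installs) are assumptions.

```python
import re
from urllib.parse import parse_qs, unquote_plus, urlsplit

# Separator between SQL keywords: whitespace or an inline /* */ comment.
SEP = r"(?:\s|/\*.*?\*/)+"
# The construct the advisory names: CASE WHEN ... THEN ... END.
CASE_WHEN = re.compile(rf"\bcase{SEP}when\b.+?\bthen\b.+?\bend\b", re.I | re.S)


def decode_fully(value, max_rounds=3):
    """Undo repeated URL-encoding so double-encoded keywords become visible."""
    for _ in range(max_rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value


def is_suspicious(method, url, body):
    """True when a POST to search.php carries CASE WHEN in search_query."""
    if method.upper() != "POST":
        return False
    if not urlsplit(url).path.lower().endswith("/search.php"):
        return False
    fields = parse_qs(body, keep_blank_values=True)  # decodes the form body once
    values = fields.get("search_query", [])
    return any(CASE_WHEN.search(decode_fully(v)) for v in values)


# Constructed sample records (source, method, URL, body); not real traffic.
SAMPLE_REQUESTS = [
    ("192.0.2.10", "POST", "/search.php", "search_query=upgrade+guide"),
    ("192.0.2.11", "POST", "/search.php", "search_query=a+case+study+on+when+to+post"),
    ("198.51.100.7", "POST", "/search.php", "search_query=x+AND+CASE+WHEN+1%3D1+THEN+1+ELSE+0+END"),
    ("198.51.100.7", "POST", "/forum/search.php",
     "search_query=x%2520AND%2520CASE%2F**%2FWHEN%25201%253D1%2520THEN%25201%2520ELSE%25200%2520END"),
]


def flag_sources(requests):
    """Count flagged requests per source address."""
    hits = {}
    for src, method, url, body in requests:
        if is_suspicious(method, url, body):
            hits[src] = hits.get(src, 0) + 1
    return hits
```

This is a detection heuristic for log review or for prototyping a WAF rule; a legitimate search containing all four keywords in order would also match, so treat hits as leads to review.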

AI Insight generated on May 18, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

1

Patches

0

No patches discovered yet.


References

2
