High severity7.1NVD Advisory· Published May 16, 2026· Updated May 18, 2026
CVE-2021-47980
CVE-2021-47980
Description
Fuel CMS 1.4.13 contains a blind SQL injection vulnerability that allows authenticated attackers to manipulate database queries by injecting SQL code through the 'col' parameter in the Activity Log interface. Attackers can send requests to the logs endpoint with malicious SQL payloads in the 'col' parameter to extract database information based on response time delays.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
1- Range: =1.4.13
Patches
Vulnerability mechanics
References
3News mentions
0No linked articles in our index yet.