{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata. Fed continuously.","feed_url":"https://feed.craftedsignal.io/products/fuel-cms-1.4.13/feed.json","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cpes":[],"_cs_cves":[{"cvss":7.1,"id":"CVE-2021-47980"}],"_cs_exploited":false,"_cs_has_poc":false,"_cs_poc_references":[],"_cs_products":["Fuel CMS 1.4.13"],"_cs_severities":["medium"],"_cs_tags":["cve","cve-2021-47980","sql-injection","web-application"],"_cs_type":"advisory","_cs_vendors":["Daylight Studio"],"content_html":"\u003cp\u003eFuel CMS 1.4.13 is susceptible to a blind SQL injection vulnerability (CVE-2021-47980) within the Activity Log interface. This flaw allows authenticated attackers to inject arbitrary SQL code into the \u0026lsquo;col\u0026rsquo; parameter of requests to the logs endpoint. Successful exploitation enables attackers to manipulate database queries and potentially extract sensitive information from the database by observing response time delays. The vulnerability exists due to insufficient input sanitization of the \u0026lsquo;col\u0026rsquo; parameter when constructing SQL queries. Defenders should implement detection and prevention measures to mitigate the risk of unauthorized data access.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAn authenticated attacker logs into the Fuel CMS application.\u003c/li\u003e\n\u003cli\u003eThe attacker navigates to the Activity Log interface.\u003c/li\u003e\n\u003cli\u003eThe attacker crafts a malicious HTTP request targeting the logs endpoint, injecting SQL code into the \u0026lsquo;col\u0026rsquo; parameter. The attacker crafts SQL injection payloads designed to cause time delays based on conditional logic.\u003c/li\u003e\n\u003cli\u003eThe attacker sends the crafted HTTP request to the server.\u003c/li\u003e\n\u003cli\u003eThe Fuel CMS application processes the request without proper sanitization of the \u0026lsquo;col\u0026rsquo; parameter, incorporating the malicious SQL code into a database query.\u003c/li\u003e\n\u003cli\u003eThe database executes the injected SQL code.\u003c/li\u003e\n\u003cli\u003eThe attacker monitors the response time from the server. By analyzing the timing, the attacker infers the results of the injected SQL queries, effectively extracting data bit by bit.\u003c/li\u003e\n\u003cli\u003eThe attacker repeats this process, refining the SQL injection payloads to extract additional database information such as usernames, passwords, or other sensitive data.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of this blind SQL injection vulnerability (CVE-2021-47980) could allow an attacker to extract sensitive information from the Fuel CMS database. This information could include user credentials, configuration details, and other confidential data. The impact includes potential data breaches, unauthorized access to the system, and further compromise of the application and its underlying infrastructure.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eDeploy the Sigma rule designed to detect SQL injection attempts in HTTP requests targeting the logs endpoint in Fuel CMS to identify exploitation attempts (see rule below).\u003c/li\u003e\n\u003cli\u003eApply input validation and sanitization to the \u0026lsquo;col\u0026rsquo; parameter in the Activity Log interface to prevent SQL injection, according to secure coding practices.\u003c/li\u003e\n\u003cli\u003eMonitor web server logs for suspicious activity, such as unusual requests to the logs endpoint with potentially malicious SQL syntax in the \u0026lsquo;col\u0026rsquo; parameter.\u003c/li\u003e\n\u003cli\u003eUpgrade Fuel CMS to a patched version that addresses CVE-2021-47980, if available from the vendor.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-05-16T16:23:57Z","date_published":"2026-05-16T16:23:57Z","id":"https://feed.craftedsignal.io/briefs/2026-05-fuelcms-sqli/","summary":"Fuel CMS 1.4.13 is vulnerable to blind SQL injection via the 'col' parameter in the Activity Log interface, allowing authenticated attackers to manipulate database queries and extract information through time-based delays (CVE-2021-47980).","title":"Fuel CMS 1.4.13 Blind SQL Injection Vulnerability (CVE-2021-47980)","url":"https://feed.craftedsignal.io/briefs/2026-05-fuelcms-sqli/"}],"language":"en","title":"CraftedSignal Threat Feed — Fuel CMS 1.4.13","version":"https://jsonfeed.org/version/1.1"}