{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata. Fed continuously.","feed_url":"https://feed.craftedsignal.io/vendors/layerbb/feed.json","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cpes":[],"_cs_cves":[{"cvss":8.2,"id":"CVE-2021-47954"}],"_cs_exploited":false,"_cs_has_poc":false,"_cs_poc_references":[],"_cs_products":["LayerBB 1.1.4"],"_cs_severities":["high"],"_cs_tags":["sql-injection","cve-2021-47954","web-application"],"_cs_type":"advisory","_cs_vendors":["LayerBB"],"content_html":"\u003cp\u003eLayerBB version 1.1.4 is susceptible to an SQL injection vulnerability (CVE-2021-47954) that allows unauthenticated attackers to manipulate database queries. This vulnerability arises from the insufficient sanitization of the \u003ccode\u003esearch_query\u003c/code\u003e parameter, enabling attackers to inject arbitrary SQL code through crafted POST requests to \u003ccode\u003e/search.php\u003c/code\u003e. Successful exploitation could lead to the extraction of sensitive database information, potentially compromising the entire LayerBB installation. This poses a significant risk to organizations using this version of LayerBB, as attackers could gain unauthorized access to confidential data.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eThe attacker identifies a vulnerable LayerBB 1.1.4 instance.\u003c/li\u003e\n\u003cli\u003eThe attacker crafts a malicious POST request targeting the \u003ccode\u003e/search.php\u003c/code\u003e endpoint.\u003c/li\u003e\n\u003cli\u003eThe POST request includes a \u003ccode\u003esearch_query\u003c/code\u003e parameter containing SQL injection payloads, such as \u003ccode\u003eCASE WHEN\u003c/code\u003e statements.\u003c/li\u003e\n\u003cli\u003eThe vulnerable application fails to properly sanitize the \u003ccode\u003esearch_query\u003c/code\u003e parameter.\u003c/li\u003e\n\u003cli\u003eThe injected SQL code is executed within the context of the database query.\u003c/li\u003e\n\u003cli\u003eThe attacker extracts sensitive database information, such as user credentials or application data.\u003c/li\u003e\n\u003cli\u003eThe extracted information is sent back to the attacker.\u003c/li\u003e\n\u003cli\u003eThe attacker leverages the compromised data to gain further access or control over the LayerBB installation or related systems.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of this SQL injection vulnerability (CVE-2021-47954) can lead to the complete compromise of the LayerBB 1.1.4 installation. Attackers can extract sensitive information, including user credentials, personal data, and potentially other confidential application data. This can result in data breaches, identity theft, and reputational damage for the affected organization.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eApply any available patches or updates for LayerBB to address CVE-2021-47954.\u003c/li\u003e\n\u003cli\u003eDeploy the Sigma rule \u003ccode\u003eDetect LayerBB SQL Injection Attempt via Search Query\u003c/code\u003e to identify potential exploitation attempts in web server logs.\u003c/li\u003e\n\u003cli\u003eImplement input validation and sanitization measures on the \u003ccode\u003esearch_query\u003c/code\u003e parameter to prevent SQL injection attacks.\u003c/li\u003e\n\u003cli\u003eMonitor web server logs for suspicious POST requests to \u003ccode\u003e/search.php\u003c/code\u003e containing SQL injection payloads.\u003c/li\u003e\n\u003cli\u003eReview and harden database security configurations to limit the impact of potential SQL injection vulnerabilities.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-05-16T16:20:10Z","date_published":"2026-05-16T16:20:10Z","id":"https://feed.craftedsignal.io/briefs/2026-05-layerbb-sql-injection/","summary":"LayerBB version 1.1.4 is vulnerable to SQL injection via the search_query parameter, allowing unauthenticated attackers to inject SQL code and extract sensitive database information.","title":"LayerBB 1.1.4 SQL Injection Vulnerability (CVE-2021-47954)","url":"https://feed.craftedsignal.io/briefs/2026-05-layerbb-sql-injection/"}],"language":"en","title":"CraftedSignal Threat Feed — LayerBB","version":"https://jsonfeed.org/version/1.1"}