CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Grocerycrud: >> Grocery Crud Security Vulnerabilities

CVE-2021-47811

Grocery Crud 1.6.4 contains a SQL injection vulnerability in the order_by parameter that allows remote attackers to manipulate database queries. Attackers can inject malicious SQL code through the order_by[] parameter in POST requests to the ajax_list endpoint to potentially extract or modify database information.

CVSS Score

8.2

EPSS Score

0.0

Published

2026-01-16

Page 1

Vulnerabilities

Vulnerable Software

Grocerycrud: >> Grocery Crud Security Vulnerabilities

Products

Pricing

Contact Us