8.8

CVE-2021-47954: LayerBB 1.1.4: Unauthenticated SQL Injection via Search Query

CVE-2021-47954
Summary

LayerBB, a forum software package, has an SQL injection weakness that lets attackers access sensitive information in its database without logging in. This is a serious issue because it could lead to the exposure of confidential data. To protect your LayerBB installation, update to the latest version, which should fix this vulnerability.

Original title
LayerBB 1.1.4 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the search_query parameter. Attackers can se...
Original description
LayerBB 1.1.4 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the search_query parameter. Attackers can send POST requests to /search.php with malicious search_query values using CASE WHEN statements to extract sensitive database information.
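For triage, the request pattern in the description can be searched for in captured traffic. The following is an added detection example, not code from LayerBB or from this advisory; it assumes request bodies are available (for example from a WAF or reverse-proxy audit log) in a constructed `<client> <method> <path> <urlencoded body>` format, and all sample records are constructed.

```python
import re
from urllib.parse import parse_qs

# Constructed sample records (not real traffic), one request per line:
#   <client> <method> <path> <urlencoded body>
SAMPLE_LOG = """\
198.51.100.7 POST /search.php search_query=welcome+thread
198.51.100.9 POST /search.php search_query=case+when+to+upgrade
203.0.113.5 POST /search.php search_query=x%27+OR+%28CASE+WHEN+%281%3D1%29+THEN+1+ELSE+0+END%29%3D1--+-
203.0.113.5 POST /search.php search_query=a%27+and+1%3D%28cAsE+wHeN+%282%3E1%29+tHeN+1+eLsE+2+eNd%29%23
198.51.100.7 GET /search.php -
192.0.2.44 POST /login.php username=a&password=CASE+WHEN+1+THEN+1+END
"""

# A complete SQL conditional expression. Requiring THEN and END keeps an
# ordinary search for the words "case when" from being flagged.
CASE_EXPR = re.compile(r"\bcase\s+when\b.+?\bthen\b.+?\bend\b", re.I | re.S)


def suspicious_search_requests(log_text):
    """Return (client, decoded search_query) pairs for POSTs to /search.php
    whose search_query holds a CASE WHEN ... THEN ... END expression."""
    hits = []
    for line in log_text.splitlines():
        parts = line.split(" ", 3)
        if len(parts) != 4:
            continue  # malformed record
        client, method, path, body = parts
        if method != "POST" or path.split("?")[0] != "/search.php":
            continue  # the advisory names POST /search.php only
        # parse_qs URL-decodes the body ('+' and %xx) before matching.
        for value in parse_qs(body, keep_blank_values=True).get("search_query", []):
            normalised = " ".join(value.split())  # collapse whitespace runs
            if CASE_EXPR.search(normalised):
                hits.append((client, normalised))
    return hits


if __name__ == "__main__":
    for client, query in suspicious_search_requests(SAMPLE_LOG):
        print(f"{client}\t{query}")
```

A hit is a lead for review rather than proof of exploitation, and an absence of hits does not show the installation is unaffected.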
NVD CVSS 3.1: 8.2
NVD CVSS 4.0: 8.8
Vulnerability type
CWE-89 SQL Injection
Published: 16 May 2026 · Updated: 28 May 2026 · First seen: 16 May 2026