PatchSiren cyber security CVE debrief
CVE-2021-47954 Exploit Db CVE debrief
CVE-2021-47954 describes an unauthenticated SQL injection in LayerBB 1.1.4. The supplied record indicates attackers can abuse the search_query parameter on /search.php to manipulate database queries and extract sensitive information. In the supplied NVD record, the vulnerability is rated HIGH with a CVSS score of 8.8.
- Vendor: Exploit Db
- Product: Unknown
- CVSS: HIGH 8.8
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2026-05-16
- Original CVE updated: 2026-05-16
- Advisory published: 2026-05-16
- Advisory updated: 2026-05-16
Who should care
Web application owners running LayerBB 1.1.4, security teams monitoring forum or bulletin-board software, and defenders responsible for database-facing application inputs.
Technical summary
The supplied sources describe a CWE-89 SQL injection in LayerBB 1.1.4 that is reachable without authentication. Attackers can send POST requests to /search.php and inject SQL through the search_query parameter, allowing query manipulation and data extraction. The reference material also notes CASE WHEN-style probing consistent with blind SQL injection behavior. The supplied NVD record lists the issue as HIGH severity with CVSS 8.8.
Defensive priority
High. This is an unauthenticated database injection issue in a web-facing application path, which can enable sensitive data exposure and broader application compromise if the vulnerable input is reachable.
Recommended defensive actions
- Identify whether any LayerBB instances are running version 1.1.4 or another affected build referenced by the vendor advisory.
- Treat /search.php and the search_query parameter as high-risk input points and validate that server-side parameterization is used for all database queries.
- Apply the vendor fix or upgrade path referenced by the project or advisory if available.
- Add monitoring for abnormal POST traffic to /search.php and for repeated search patterns that may indicate SQL injection probing.
- Review database accounts used by the application to ensure least privilege and limit blast radius if injection succeeds.
- If exploitation is suspected, review application and database logs for unexpected query patterns and investigate for data access or modification.
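One way to implement the /search.php monitoring recommended above, as an added example that is not part of the original debrief or of LayerBB's code. It assumes JSON-lines logs from a reverse proxy or WAF that records POST bodies; the field names, sample records, pattern set and burst threshold are all constructed for illustration.

```python
import json
import re
from collections import Counter
from urllib.parse import parse_qs

# Constructed sample records. Assumed format: JSON lines from a reverse proxy
# or WAF that logs POST bodies (an assumption, not LayerBB's own logging).
SAMPLE_LOG = [
    '{"ip": "198.51.100.7", "method": "POST", "path": "/search.php", "body": "search_query=welcome+thread"}',
    '{"ip": "203.0.113.9", "method": "POST", "path": "/search.php", "body": "search_query=a%27+AND+CASE+WHEN+1%3D1+THEN+1+ELSE+0+END--+"}',
    '{"ip": "203.0.113.9", "method": "POST", "path": "/search.php", "body": "search_query=a%27+AND+CASE+WHEN+1%3D2+THEN+1+ELSE+0+END--+"}',
    '{"ip": "203.0.113.9", "method": "POST", "path": "/search.php", "body": "search_query=a%27+AND+CASE+WHEN+2%3D2+THEN+1+ELSE+0+END--+"}',
    '{"ip": "198.51.100.7", "method": "GET", "path": "/index.php", "body": ""}',
    'not json at all',
]

# Illustrative indicators of SQL injection probing in a search term.
SIGNS = {
    "case_when": re.compile(r"\bcase\s+when\b", re.I),
    "quote_boolean": re.compile(r"['\"]\s*(and|or)\b", re.I),
    "sql_comment": re.compile(r"(--\s|/\*)"),
    "union_select": re.compile(r"\bunion\s+(all\s+)?select\b", re.I),
}

def scan(lines, burst=3):
    """Return (flagged, noisy): flagged requests and IPs with >= burst of them."""
    flagged, per_ip = [], Counter()
    for line in lines:
        try:
            rec = json.loads(line)
        except ValueError:
            continue  # skip malformed records instead of aborting the scan
        if not isinstance(rec, dict):
            continue
        if rec.get("method") != "POST" or rec.get("path") != "/search.php":
            continue
        # parse_qs URL-decodes, so encoded input is matched in decoded form
        values = parse_qs(rec.get("body") or "").get("search_query", [])
        reasons = sorted({n for v in values for n, rx in SIGNS.items() if rx.search(v)})
        if reasons:
            flagged.append((rec.get("ip"), reasons))
            per_ip[rec.get("ip")] += 1
    noisy = sorted(ip for ip, n in per_ip.items() if n >= burst)
    return flagged, noisy

if __name__ == "__main__":
    for ip, reasons in scan(SAMPLE_LOG)[0]:
        print(ip, ",".join(reasons))
```

Pattern matching of this kind is a triage aid for logs and alerts; it does not replace the server-side parameterization and patching listed above.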
Evidence notes
This debrief is based only on the supplied CVE record and linked references. The NVD entry identifies the weakness as CWE-89 and includes the supplied severity details. The source references point to an Exploit-DB disclosure and a VulnCheck advisory describing LayerBB SQL injection via the search_query parameter on /search.php. The supplied timeline fields show the CVE record date as 2026-05-16 in the provided data; this is used only as record timing context, not as the original issue date.
Official resources
The supplied corpus indicates public disclosure through secondary references, including Exploit-DB and a VulnCheck advisory. The official CVE/NVD records in the supplied data are dated 2026-05-16 for record context.