CVE-2021-47714 MEDIUM

CVE-2021-47714: Hasura GraphQL 1.3.3 Local File Read via SQL Injection

Vendor Hasura

Product Hasura GraphQL

Weakness CWE-89 · SQLi

Published December 22, 2025

Last update April 7, 2026

View on NVD All CVEs

CVSS base score

6.9/10

Attack vector Local

Attack complexity Low

Privileges required None

User interaction None

Confidentiality —

Integrity —

CVSS vector

CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

What the vulnerability does

01Description

Hasura GraphQL 1.3.3 contains a local file read vulnerability that allows attackers to access system files through SQL injection in the query endpoint. Attackers can exploit the pg_read_file() PostgreSQL function by crafting malicious SQL queries to read arbitrary files on the server.

Key dates

02Disclosure timeline

December 22, 2025 CVE published

April 7, 2026 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2021-47714

Related vulnerabilities

04Related CVE

CVE-2025-62015 WordPress Advanced Coupons for WooCommerce Coupons plugin <= 4.6.8 - SQL Injection vulnerability CVE-2026-4470 itsourcecode Online Frozen Foods Ordering System admin_edit_menu.php sql injection CVE-2024-46907 WhatsUp Gold GetFilterCriteria SQL Injection Privilege Escalation Vulnerability CVE-2025-5979 code-projects School Fees Payment System branch.php sql injection CVE-2014-125058 LearnMeSomeCodes project3 search.rb search_first_name sql injection