CVE-2007-4210

Multiple SQL injection vulnerabilities in module.php in LANAI (la-nai) CMS 1.2.14 allow remote attackers to execute arbitrary SQL commands via (1) the mid parameter in an faqviewgroup action in the FAQ Modules, (2) the cid parameter in the EZSHOPINGCART Modules, or (3) the gid parameter in a view action in the GALLERY Modules.

CVSS v2.0 7.5 HIGH

7.5^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 10.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://www.securityfocus.com/archive/1/475447
http://www.securityfocus.com/bid/25193	Patch
http://secunia.com/advisories/26339
http://securityreason.com/securityalert/2975
http://osvdb.org/37470
http://osvdb.org/36438
http://osvdb.org/37471
https://exchange.xforce.ibmcloud.com/vulnerabilities/35786

Advertisement

Configurations

Configuration 1 (hide)

cpe:2.3:a:redline_software:lanai_cms:1.2.14:*:*:*:*:*:*:*

Information

Published : 2007-08-07 19:17

Updated : 2017-07-28 18:32

NVD link : CVE-2007-4210

Mitre link : CVE-2007-4210

JSON object : View

CWE

NVD-CWE-Other

Advertisement

Products Affected

redline_software

lanai_cms

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://www.securityfocus.com/archive/1/475447", "name": "20070802 la-nai cms_v1.2.14 - Remote SQL Injection", "tags": [], "refsource": "BUGTRAQ"}, {"url": "http://www.securityfocus.com/bid/25193", "name": "25193", "tags": ["Patch"], "refsource": "BID"}, {"url": "http://secunia.com/advisories/26339", "name": "26339", "tags": [], "refsource": "SECUNIA"}, {"url": "http://securityreason.com/securityalert/2975", "name": "2975", "tags": [], "refsource": "SREASON"}, {"url": "http://osvdb.org/37470", "name": "37470", "tags": [], "refsource": "OSVDB"}, {"url": "http://osvdb.org/36438", "name": "36438", "tags": [], "refsource": "OSVDB"}, {"url": "http://osvdb.org/37471", "name": "37471", "tags": [], "refsource": "OSVDB"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35786", "name": "lanai-module-sql-injection(35786)", "tags": [], "refsource": "XF"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "Multiple SQL injection vulnerabilities in module.php in LANAI (la-nai) CMS 1.2.14 allow remote attackers to execute arbitrary SQL commands via (1) the mid parameter in an faqviewgroup action in the FAQ Modules, (2) the cid parameter in the EZSHOPINGCART Modules, or (3) the gid parameter in a view action in the GALLERY Modules."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2007-4210", "ASSIGNER": "cve@mitre.org"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "severity": "HIGH", "impactScore": 6.4, "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}}, "publishedDate": "2007-08-08T02:17Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:redline_software:lanai_cms:1.2.14:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2017-07-29T01:32Z"}