CVE-2023-1322

A vulnerability was found in lmxcms 1.41 and classified as critical. Affected by this issue is the function reply of the file BookAction.class.php. The manipulation of the argument id with the input 1) and updatexml(0,concat(0x7e,user()),1)# leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-222728.
References
Link Resource
https://vuldb.com/?id.222728 Permissions Required Third Party Advisory
https://vuldb.com/?ctiid.222728 Permissions Required Third Party Advisory
Advertisement

NeevaHost hosting service

Configurations

Configuration 1 (hide)

cpe:2.3:a:lmxcms:lmxcms:1.41:*:*:*:*:*:*:*

Information

Published : 2023-03-10 08:15

Updated : 2023-03-15 09:06


NVD link : CVE-2023-1322

Mitre link : CVE-2023-1322


JSON object : View

CWE
CWE-89

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Advertisement

dedicated server usa

Products Affected

lmxcms

  • lmxcms