A vulnerability was found in lmxcms 1.41 and classified as critical. Affected by this issue is the function reply of the file BookAction.class.php. The manipulation of the argument id with the input 1) and updatexml(0,concat(0x7e,user()),1)# leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-222728.
References
Link | Resource |
---|---|
https://vuldb.com/?id.222728 | Permissions Required Third Party Advisory |
https://vuldb.com/?ctiid.222728 | Permissions Required Third Party Advisory |
Configurations
Information
Published : 2023-03-10 08:15
Updated : 2023-03-15 09:06
NVD link : CVE-2023-1322
Mitre link : CVE-2023-1322
JSON object : View
CWE
CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Products Affected
lmxcms
- lmxcms