Vulnerability CVE-2007-4210


Published: 2007-08-07   Modified: 2012-02-12

Description:
Multiple SQL injection vulnerabilities in module.php in LANAI (la-nai) CMS 1.2.14 allow remote attackers to execute arbitrary SQL commands via (1) the mid parameter in an faqviewgroup action in the FAQ Modules, (2) the cid parameter in the EZSHOPINGCART Modules, or (3) the gid parameter in a view action in the GALLERY Modules.

See advisories in our WLB2 database:
Topic: la-nai cms_v1.2.14 - Remote SQL Injection (Med.)
Author: k1tk4t
Date: 08.08.2007

Type: CWE-89 (Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'))

CVSS2 => (AV:N/AC:L/Au:N/C:P/I:P/A:P)

CVSS Base Score: 7.5/10
Impact Subscore: 6.4/10
Exploitability Subscore: 10/10

Exploit range: Remote
Attack complexity: Low
Authentication: Not required

Confidentiality impact: Partial
Integrity impact: Partial
Availability impact: Partial

Affected software: Redline software -> Lanai cms

References:
http://www.securityfocus.com/bid/25193
http://www.securityfocus.com/archive/1/475447
http://osvdb.org/37471
http://osvdb.org/37470
http://osvdb.org/36438
http://xforce.iss.net/xforce/xfdb/35786
http://securityreason.com/securityalert/2975
http://secunia.com/advisories/26339

Copyright 2024, cxsecurity.com

 
