CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

A vulnerability was found in lmxcms up to 1.4 and classified as critical. Affected by this issue is the function formatData of the file /admin.php?m=Acquisi=testcj=1 of the component SQL Command Execution Module. The manipulation of the argument data leads to code injection. The attack may be...

7.2CVSS7.6AI score0.00919EPSS

Exploits1References1

RedhatCVE•added 2025/05/23 4:29 a.m.•4 views

CVE-2023-5017

A vulnerability was found in lmxcms up to 1.41. It has been rated as critical. Affected by this issue is some unknown functionality of the file admin.php. The manipulation of the argument lid leads to sql injection. VDB-239858 is the identifier assigned to this vulnerability. NOTE: The vendor was...

9.8CVSS7.3AI score0.00038EPSS

Exploits0

RedhatCVE•added 2025/05/23 4:3 a.m.•3 views

CVE-2023-46958

An issue in lmxcms v.1.41 allows a remote attacker to execute arbitrary code via a crafted script to the admin.php file...

9.8CVSS7.8AI score0.02198EPSS

Exploits0

RedhatCVE•added 2025/05/23 3:40 a.m.•4 views

CVE-2023-29598

lmxcms v1.4.1 was discovered to contain a SQL injection vulnerability via the setbook parameter at index.php...

9.8CVSS8.3AI score0.00233EPSS

Exploits1References1

RedhatCVE•added 2025/05/23 3:17 a.m.•2 views

CVE-2023-23136

lmxcms v1.41 was discovered to contain an arbitrary file deletion vulnerability via BackdbAction.class.php...

6.5CVSS7.4AI score0.00875EPSS

Exploits1References1

RedhatCVE•added 2025/05/23 2:58 a.m.•1 views

CVE-2023-1322

A vulnerability was found in lmxcms 1.41 and classified as critical. Affected by this issue is the function reply of the file BookAction.class.php. The manipulation of the argument id with the input 1 and updatexml0,concat0x7e,user,1 leads to sql injection. The attack may be launched remotely. Th...

9.8CVSS7.9AI score0.00179EPSS

Exploits0References1

RedhatCVE•added 2025/05/23 2:33 a.m.•1 views

CVE-2023-1321

A vulnerability has been found in lmxcms 1.41 and classified as critical. Affected by this vulnerability is the function update of the file AcquisiAction.class.php. The manipulation of the argument id with the input -1 and updatexml0,concat0x7e,user,1 leads to sql injection. The attack can be...

9.8CVSS7.4AI score0.00232EPSS

Exploits0References1

RedhatCVE•added 2025/05/23 12:20 a.m.•4 views

CVE-2022-48094

lmxcms v1.41 was discovered to contain an arbitrary file read vulnerability via TemplateAction.class.php...

4.9CVSS7.5AI score0.00311EPSS

Exploits1

RedhatCVE•added 2025/05/22 7:53 p.m.•5 views

CVE-2021-35437

SQL injection vulnerability in LMXCMS v.1.4 allows attacker to execute arbitrary code via the TagsAction.class...

9.8CVSS8.6AI score0.00081EPSS

Exploits1References1