6 matches found
CVE-2023-1322
A vulnerability was found in lmxcms 1.41 and classified as critical. Affected by this issue is the function reply of the file BookAction.class.php. The manipulation of the argument id with the input 1 and updatexml0,concat0x7e,user,1 leads to sql injection. The attack may be launched remotely. Th...
CVE-2025-1465 lmxcms Maintenance db.inc.php code injection
A vulnerability, which was classified as problematic, was found in lmxcms 1.41. Affected is an unknown function of the file db.inc.php of the component Maintenance. The manipulation leads to code injection. It is possible to launch the attack remotely. The complexity of an attack is rather high...
CVE-2023-1321
A vulnerability has been found in lmxcms 1.41 and classified as critical. Affected by this vulnerability is the function update of the file AcquisiAction.class.php. The manipulation of the argument id with the input -1 and updatexml0,concat0x7e,user,1 leads to sql injection. The attack can be...
Sql injection
A vulnerability was found in lmxcms 1.41 and classified as critical. Affected by this issue is the function reply of the file BookAction.class.php. The manipulation of the argument id with the input 1 and updatexml0,concat0x7e,user,1 leads to sql injection. The attack may be launched remotely. Th...
CVE-2023-1321
lmxcms 1.41 contains a SQL injection in AcquisiAction.class.php: the update function’s id parameter can be manipulated (example: -1 with updatexml(0,concat(0x7e,user()),1)#) to trigger remote exploitation. This vulnerability has been publicly disclosed. Some sources mention a workaround for lmxcm...
CVE-2023-23136
lmxcms v1.41 was discovered to contain an arbitrary file deletion vulnerability via BackdbAction.class.php...