Lucene search
K

6 matches found

RedhatCVE
RedhatCVE
added 2025/05/23 2:58 a.m.5 views

CVE-2023-1322

A vulnerability was found in lmxcms 1.41 and classified as critical. Affected by this issue is the function reply of the file BookAction.class.php. The manipulation of the argument id with the input 1 and updatexml0,concat0x7e,user,1 leads to sql injection. The attack may be launched remotely. Th...

9.8CVSS7.9AI score0.00492EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/02/19 3:31 p.m.12 views

CVE-2025-1465 lmxcms Maintenance db.inc.php code injection

A vulnerability, which was classified as problematic, was found in lmxcms 1.41. Affected is an unknown function of the file db.inc.php of the component Maintenance. The manipulation leads to code injection. It is possible to launch the attack remotely. The complexity of an attack is rather high...

4.3CVSS0.00496EPSS
Exploits1References4
NVD
NVD
added 2023/03/10 4:15 p.m.11 views

CVE-2023-1321

A vulnerability has been found in lmxcms 1.41 and classified as critical. Affected by this vulnerability is the function update of the file AcquisiAction.class.php. The manipulation of the argument id with the input -1 and updatexml0,concat0x7e,user,1 leads to sql injection. The attack can be...

9.8CVSS7.5AI score0.00492EPSS
Exploits0References2
Prion
Prion
added 2023/03/10 4:15 p.m.30 views

Sql injection

A vulnerability was found in lmxcms 1.41 and classified as critical. Affected by this issue is the function reply of the file BookAction.class.php. The manipulation of the argument id with the input 1 and updatexml0,concat0x7e,user,1 leads to sql injection. The attack may be launched remotely. Th...

6.5CVSS9.6AI score0.00492EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2023/03/10 3:41 p.m.46 views

CVE-2023-1321

lmxcms 1.41 contains a SQL injection in AcquisiAction.class.php: the update function’s id parameter can be manipulated (example: -1 with updatexml(0,concat(0x7e,user()),1)#) to trigger remote exploitation. This vulnerability has been publicly disclosed. Some sources mention a workaround for lmxcm...

9.8CVSS8.4AI score0.00492EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2023/02/01 12:0 a.m.8 views

CVE-2023-23136

lmxcms v1.41 was discovered to contain an arbitrary file deletion vulnerability via BackdbAction.class.php...

6.6AI score0.00824EPSS
Exploits1References1
Rows per page
Query Builder