4 matches found
CVE-2023-1321
A vulnerability has been found in lmxcms 1.41 and classified as critical. Affected by this vulnerability is the function update of the file AcquisiAction.class.php. The manipulation of the argument id with the input -1 and updatexml0,concat0x7e,user,1 leads to sql injection. The attack can be...
Sql injection
A vulnerability has been found in lmxcms 1.41 and classified as critical. Affected by this vulnerability is the function update of the file AcquisiAction.class.php. The manipulation of the argument id with the input -1 and updatexml0,concat0x7e,user,1 leads to sql injection. The attack can be...
CVE-2023-1321
lmxcms 1.41 contains a SQL injection in AcquisiAction.class.php: the update function’s id parameter can be manipulated (example: -1 with updatexml(0,concat(0x7e,user()),1)#) to trigger remote exploitation. This vulnerability has been publicly disclosed. Some sources mention a workaround for lmxcm...
CVE-2023-1321 lmxcms AcquisiAction.class.php update sql injection
A vulnerability has been found in lmxcms 1.41 and classified as critical. Affected by this vulnerability is the function update of the file AcquisiAction.class.php. The manipulation of the argument id with the input -1 and updatexml0,concat0x7e,user,1 leads to sql injection. The attack can be...