PT-2007-5405 · Lanai · Lanai Cms

Publicado

2007-08-08

Atualizado

2017-07-29

CVE-2007-4210

CVSS v2.0

7.5

Alta

Vetor

AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions LANAI (la-nai) CMS version 1.2.14

Description The issue concerns SQL injection vulnerabilities in the module.php file of LANAI (la-nai) CMS. These vulnerabilities allow remote attackers to execute arbitrary SQL commands. The vulnerabilities can be exploited through specific parameters in different modules:

the mid parameter in an 'faqviewgroup' action in the FAQ Modules,
the cid parameter in the EZSHOPINGCART Modules,
the gid parameter in a 'view' action in the GALLERY Modules.

Recommendations For LANAI (la-nai) CMS version 1.2.14, consider disabling the vulnerable modules (FAQ, EZSHOPINGCART, GALLERY) until a patch is available to prevent exploitation. Restrict access to the module.php file to minimize the risk of SQL injection attacks. Avoid using the mid, cid, and gid parameters in the affected modules until the issue is resolved.

Exploit

Correção

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Identificadores relacionados

CVE-2007-4210

Produtos afetados

Lanai Cms

PT-2007-5405 · Lanai · Lanai Cms

CVE-2007-4210

Identificadores relacionados

Produtos afetados

Referências · 13