PT-2007-5405 · Lanai · Lanai Cms

Published

2007-08-08

Updated

2017-07-29

CVE-2007-4210

CVSS v2.0

7.5

High

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions LANAI (la-nai) CMS version 1.2.14

Description The issue concerns SQL injection vulnerabilities in the module.php file of LANAI (la-nai) CMS. These vulnerabilities allow remote attackers to execute arbitrary SQL commands. The vulnerabilities can be exploited through specific parameters in different modules:

the mid parameter in an 'faqviewgroup' action in the FAQ Modules,
the cid parameter in the EZSHOPINGCART Modules,
the gid parameter in a 'view' action in the GALLERY Modules.

Recommendations For LANAI (la-nai) CMS version 1.2.14, consider disabling the vulnerable modules (FAQ, EZSHOPINGCART, GALLERY) until a patch is available to prevent exploitation. Restrict access to the module.php file to minimize the risk of SQL injection attacks. Avoid using the mid, cid, and gid parameters in the affected modules until the issue is resolved.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2007-4210

Affected Products

Lanai Cms

PT-2007-5405 · Lanai · Lanai Cms

CVE-2007-4210

Related Identifiers

Affected Products

References · 13