CVE-2023-1321

Name of the Vulnerable Software and Affected Versions lmxcms version 1.41

Description A critical issue has been found in the function update of the file AcquisiAction.class.php. The manipulation of the argument id with specific input leads to SQL injection. The attack can be launched remotely.

Recommendations For lmxcms version 1.41, as a temporary workaround, consider restricting the input for the id argument in the update function of AcquisiAction.class.php to prevent SQL injection attacks. At the moment, there is no information about a newer version that contains a fix for this vulnerability.