CVE-2023-5017

Name of the Vulnerable Software and Affected Versions lmxcms versions up to 1.41

Description A critical issue affects some unknown functionality of the file admin.php. The manipulation of the lid argument leads to SQL injection. The vendor was contacted about this disclosure but did not respond.

Recommendations For versions up to 1.41, as a temporary workaround, consider restricting access to the admin.php file until a patch is available. Avoid using the lid argument in the affected functionality to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.