CVE-2023-1322: lmxcms BookAction.class.php reply sql injection
First published: Fri Mar 10 2023(Updated: )
A vulnerability was found in lmxcms 1.41 and classified as critical. Affected by this issue is the function reply of the file BookAction.class.php. The manipulation of the argument id with the input 1) and updatexml(0,concat(0x7e,user()),1)# leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-222728.
Credit: cna@vuldb.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Lmxcms | =1.41 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2023-1322?
The severity of CVE-2023-1322 is critical.
What is the affected software of CVE-2023-1322?
The affected software of CVE-2023-1322 is lmxcms version 1.41.
How does CVE-2023-1322 affect lmxcms?
CVE-2023-1322 affects the function 'reply' in the file BookAction.class.php of lmxcms, allowing for remote SQL injection.
What is the Common Weakness Enumeration (CWE) ID for CVE-2023-1322?
The Common Weakness Enumeration (CWE) ID for CVE-2023-1322 is CWE-89.
How can I mitigate the vulnerability in lmxcms version 1.41?
To mitigate the vulnerability in lmxcms version 1.41, apply the latest security patch or update to a fixed version recommended by the software vendor.
- agent/references
- agent/type
- agent/first-publish-date
- agent/weakness
- agent/title
- agent/author
- agent/severity
- agent/description
- agent/softwarecombine
- agent/event
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/source
- agent/tags
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- collector/nvd-index
- vendor/lmxcms
- canonical/lmxcms
- version/lmxcms/1.41