CVE-2023-5017: lmxcms admin.php sql injection
First published: Sun Sep 17 2023(Updated: )
A vulnerability was found in lmxcms up to 1.41. It has been rated as critical. Affected by this issue is some unknown functionality of the file admin.php. The manipulation of the argument lid leads to sql injection. VDB-239858 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
Credit: cna@vuldb.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Lmxcms | <=1.41 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2023-5017?
CVE-2023-5017 is a critical vulnerability found in lmxcms up to version 1.41 that allows SQL injection through the manipulation of the 'lid' argument in the file admin.php.
What is the severity of CVE-2023-5017?
CVE-2023-5017 has a severity rating of 9.8, which is classified as critical.
How does CVE-2023-5017 affect lmxcms?
CVE-2023-5017 affects lmxcms up to version 1.41.
How can the SQL injection vulnerability in CVE-2023-5017 be exploited?
The SQL injection vulnerability in CVE-2023-5017 can be exploited by manipulating the 'lid' argument in the admin.php file.
Is there a fix available for CVE-2023-5017?
There is no information available about a specific fix for CVE-2023-5017 at this time.
- agent/author
- agent/references
- agent/type
- agent/weakness
- agent/description
- agent/softwarecombine
- agent/severity
- agent/title
- agent/first-publish-date
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/event
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- vendor/lmxcms
- canonical/lmxcms
- version/lmxcms/1.41