Arbitrary File Read Vulnerability in lmxcms Version 1.41 by lmxcms Team
CVE-2022-48094

4.9MEDIUM

Key Information:

Vendor: Lmxcms
Status: Lmxcms
Vendor: CVE Published:; 1 February 2023

What is CVE-2022-48094?

lmxcms v1.41 has a security flaw that allows attackers to exploit an arbitrary file read vulnerability through the TemplateAction.class.php file. This vulnerability can lead to unauthorized access to sensitive information stored on the server, posing significant security risks for users of this CMS. It is crucial for users to review their security posture and apply necessary patches to mitigate risks associated with this vulnerability.

References

https://www.yuque.com/litanhua-fost9/hu05qa/gp3psgfdt1czp...

CVSS V3.1

Score:

4.9

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Feb 1, 2023
Vulnerability Reserved
Dec 29, 2022

Lmxcms

What is CVE-2022-48094?

References

CVSS V3.1

Timeline