Arbitrary File Deletion Vulnerability in lmxcms by LMR
CVE-2023-23136

6.5MEDIUM

Key Information:

Vendor: Lmxcms
Status: Lmxcms
Vendor: CVE Published:; 1 February 2023

What is CVE-2023-23136?

An arbitrary file deletion vulnerability has been identified in lmxcms v1.41, allowing unauthorized users to delete files through a flaw in the BackdbAction.class.php component. This poses a significant risk as attackers can manipulate this vulnerability to remove critical files from the server, potentially leading to data loss and further exploitation of the system.

References

https://www.yuque.com/litanhua-fost9/hu05qa/izexczwp01w5c...

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Feb 1, 2023
Vulnerability Reserved
Jan 11, 2023

Lmxcms

What is CVE-2023-23136?

References

CVSS V3.1

Timeline