lmxcms admin.php sql injection
CVE-2023-5017

9.8CRITICAL

Key Information:

Vendor: Lmxcms
Status: lmxcms
Vendor: CVE Published:; 17 September 2023

What is CVE-2023-5017?

A flaw has been identified in LMXCMS versions up to 1.41, allowing an attacker to exploit the 'lid' argument within the admin.php file. This vulnerability enables unauthorized SQL commands to be executed, potentially leading to unauthorized data access, modification, or deletion. Despite early notification to the vendor, no response was received, leaving users at risk of exploitation.

Affected Version(s)

lmxcms 1.0

lmxcms 1.1

lmxcms 1.2

References

https://vuldb.com/?id.239858

vdb-entrytechnical-description

https://vuldb.com/?ctiid.239858

signature

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 17, 2023
Vulnerability Reserved
Sep 16, 2023

Credit

yuanshen (VulDB User)

Lmxcms

What is CVE-2023-5017?

Affected Version(s)

References

CVSS V3.1

Timeline

Credit