Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2007-4210

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2007-4210
Last Modified 15 Nov 2008 01:56:13
Published 07 Aug 2007 10:17:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2007-4210

Summary

Multiple SQL injection vulnerabilities in module.php in LANAI (la-nai) CMS 1.2.14 allow remote attackers to execute arbitrary SQL commands via (1) the mid parameter in an faqviewgroup action in the FAQ Modules, (2) the cid parameter in the EZSHOPINGCART Modules, or (3) the gid parameter in a view action in the GALLERY Modules.

Vulnerable Systems

Application

  • Redline Software Lanai Cms 1.2.14


References

BID - 25193

BUGTRAQ - 20070802 la-nai cms_v1.2.14 - Remote SQL Injection

OSVDB - 37471

OSVDB - 37470

OSVDB - 36438

XF - lanai-module-sql-injection(35786)

SREASON - 2975

SECUNIA - 26339


Last Updated: 27 May 2016 10:45:48