Vulnerabilities > CVE-2007-4210 - SQL Injection vulnerability in Redline Software Lanai CMS 1.2.14
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
PARTIAL Summary
Multiple SQL injection vulnerabilities in module.php in LANAI (la-nai) CMS 1.2.14 allow remote attackers to execute arbitrary SQL commands via (1) the mid parameter in an faqviewgroup action in the FAQ Modules, (2) the cid parameter in the EZSHOPINGCART Modules, or (3) the gid parameter in a view action in the GALLERY Modules.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 1 |
Exploit-Db
description LANAI CMS 1.2.14 EZSHOPINGCART Module cid Parameter SQL Injection. CVE-2007-4210 . Webapps exploit for php platform id EDB-ID:30449 last seen 2016-02-03 modified 2007-08-03 published 2007-08-03 reporter k1tk4t source https://www.exploit-db.com/download/30449/ title LANAI CMS 1.2.14 EZSHOPINGCART Module cid Parameter SQL Injection description LANAI CMS 1.2.14 GALLERY Module gid Parameter SQL Injection. CVE-2007-4210. Webapps exploit for php platform id EDB-ID:30450 last seen 2016-02-03 modified 2007-08-03 published 2007-08-03 reporter k1tk4t source https://www.exploit-db.com/download/30450/ title LANAI CMS 1.2.14 GALLERY Module gid Parameter SQL Injection description LANAI CMS 1.2.14 FAQ Module mid Parameter SQL Injection. CVE-2007-4210. Webapps exploit for php platform id EDB-ID:30448 last seen 2016-02-03 modified 2007-08-03 published 2007-08-03 reporter k1tk4t source https://www.exploit-db.com/download/30448/ title LANAI CMS 1.2.14 FAQ Module mid Parameter SQL Injection