CVE-2007-4210

LANAI CMS 1.2.14 - SQL Injection


Description

Multiple SQL injection vulnerabilities in module.php in LANAI (la-nai) CMS 1.2.14 allow remote attackers to execute arbitrary SQL commands via (1) the mid parameter in an faqviewgroup action in the FAQ Modules, (2) the cid parameter in the EZSHOPINGCART Modules, or (3) the gid parameter in a view action in the GALLERY Modules.

Exploits (4)

exploitdb WORKING POC VERIFIED
by k1tk4t · text · webapps · php
https://www.exploit-db.com/exploits/4258
exploitdb WORKING POC VERIFIED
by k1tk4t · text · webapps · php
https://www.exploit-db.com/exploits/30450
exploitdb WORKING POC VERIFIED
by k1tk4t · text · webapps · php
https://www.exploit-db.com/exploits/30448
exploitdb WORKING POC VERIFIED
by k1tk4t · text · webapps · php
https://www.exploit-db.com/exploits/30449

References (8)

Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://osvdb.org/37470
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/35786
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://osvdb.org/36438
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://osvdb.org/37471
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/475447
Third Party Advisory third-party-advisory x_refsource_sreason
http://securityreason.com/securityalert/2975
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/26339
Patch vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/25193

Scores

EPSS 0.0293
EPSS Percentile 86.5%

Details

Status published
Products (1)
redline_software/lanai_cms 1.2.14
Published Aug 08, 2007
Tracked Since Feb 18, 2026