CVE-2007-4210

Multiple SQL injection vulnerabilities in module.php in LANAI (la-nai) CMS 1.2.14 allow remote attackers to execute arbitrary SQL commands via (1) the mid parameter in an faqviewgroup action in the FAQ Modules, (2) the cid parameter in the EZSHOPINGCART Modules, or (3) the gid parameter in a view action in the GALLERY Modules.

CVSS v2.0 7.5 HIGH

7.5^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 10.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://osvdb.org/36438
http://osvdb.org/37470
http://osvdb.org/37471
http://secunia.com/advisories/26339
http://securityreason.com/securityalert/2975
http://www.securityfocus.com/archive/1/475447
http://www.securityfocus.com/bid/25193	Patch
https://exchange.xforce.ibmcloud.com/vulnerabilities/35786

Configurations

Configuration 1 (hide)

cpe:2.3:a:redline_software:lanai_cms:1.2.14:*:*:*:*:*:*:*

History

No history.

Information

Published : 2007-08-08 02:17

Updated : 2024-02-04 17:13

NVD link : CVE-2007-4210

Mitre link : CVE-2007-4210

CVE.ORG link : CVE-2007-4210

JSON object : View

Products Affected

redline_software

lanai_cms

CWE

NVD-CWE-Other

{"id": "CVE-2007-4210", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2007-08-08T02:17:00.000", "references": [{"url": "http://osvdb.org/36438", "source": "cve@mitre.org"}, {"url": "http://osvdb.org/37470", "source": "cve@mitre.org"}, {"url": "http://osvdb.org/37471", "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/26339", "source": "cve@mitre.org"}, {"url": "http://securityreason.com/securityalert/2975", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/archive/1/475447", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/25193", "tags": ["Patch"], "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35786", "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "Multiple SQL injection vulnerabilities in module.php in LANAI (la-nai) CMS 1.2.14 allow remote attackers to execute arbitrary SQL commands via (1) the mid parameter in an faqviewgroup action in the FAQ Modules, (2) the cid parameter in the EZSHOPINGCART Modules, or (3) the gid parameter in a view action in the GALLERY Modules."}, {"lang": "es", "value": "M\u00faltiples vulnerabilidades de inyecci\u00f3n SQL en module.php de LANAI (la-nai) CMS 1.2.14 permite a atacantes remotos ejecutar comandos SQL de su elecci\u00f3n a trav\u00e9s del par\u00e1metro (1) mid en una acci\u00f3n faqviewgroup en los M\u00f3dulos FAQ (preguntas frecuentes), el par\u00e1metro (2) cid en M\u00f3dulos EZSHOPINGCART, o el par\u00e1metro (3) gid en una acci\u00f3n view en los M\u00f3dulos GALLERY."}], "lastModified": "2017-07-29T01:32:46.927", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:redline_software:lanai_cms:1.2.14:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B0E757B1-244F-4FA5-850C-D28D5B00AA25"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}