A vulnerability was found in lmxcms up to 1.4 and classified as critical. Affected by this issue is the function formatData of the file /admin.php?m=Acquisi&a=testcj&lid=1 of the component SQL Command Execution Module. The manipulation of the argument data leads to code injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
History

Mon, 09 Sep 2024 14:30:00 +0000

Type Values Removed Values Added
First Time appeared Lmxcms
Lmxcms lmxcms
CPEs cpe:2.3:a:lmxcms:lmxcms:1.0:*:*:*:*:*:*:*
cpe:2.3:a:lmxcms:lmxcms:1.1:*:*:*:*:*:*:*
cpe:2.3:a:lmxcms:lmxcms:1.2:*:*:*:*:*:*:*
cpe:2.3:a:lmxcms:lmxcms:1.3:*:*:*:*:*:*:*
cpe:2.3:a:lmxcms:lmxcms:1.4:*:*:*:*:*:*:*
Vendors & Products Lmxcms
Lmxcms lmxcms
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Sat, 07 Sep 2024 09:15:00 +0000

Type Values Removed Values Added
Description A vulnerability was found in lmxcms up to 1.4 and classified as critical. Affected by this issue is the function formatData of the file /admin.php?m=Acquisi&a=testcj&lid=1 of the component SQL Command Execution Module. The manipulation of the argument data leads to code injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Title lmxcms SQL Command Execution Module admin.php formatData code injection
Weaknesses CWE-94
References
Metrics cvssV2_0

{'score': 5.8, 'vector': 'AV:N/AC:L/Au:M/C:P/I:P/A:P'}

cvssV3_0

{'score': 4.7, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L'}

cvssV3_1

{'score': 4.7, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L'}

cvssV4_0

{'score': 5.1, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N'}


cve-icon MITRE

Status: PUBLISHED

Assigner: VulDB

Published: 2024-09-07T09:00:04.600Z

Updated: 2024-09-09T14:02:50.625Z

Reserved: 2024-09-06T15:30:25.039Z

Link: CVE-2024-8523

cve-icon Vulnrichment

Updated: 2024-09-09T14:02:32.011Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2024-09-07T09:15:02.807

Modified: 2024-09-09T13:03:38.303

Link: CVE-2024-8523

cve-icon Redhat

No data.