|
|
Info |
Last Modified |
| 2 months ago |
|
|
|
|
|
This Entry needs help! It is only 55% Complete. Click the edit link above to add more information.
Contributing is fast and easy, and benefits the entire security community.
|
|
Description |
(Description Provided by CVE) : Multiple SQL injection vulnerabilities in module.php in LANAI (la-nai) CMS 1.2.14 allow remote attackers to execute arbitrary SQL commands via (1) the mid parameter in an faqviewgroup action in the FAQ Modules, (2) the cid parameter in the EZSHOPINGCART Modules, or (3) the gid parameter in a view action in the GALLERY Modules.
|
|
Classification |
Location:
Remote/Network Access Required
Attack Type:
Information Disclosure,
Input Manipulation
Impact:
Loss of Confidentiality,
Loss of Integrity
Exploit:
Exploit Available
OSVDB:
Web Related
|
|
Solution |
Upgrade to version 1.2.14-patch or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.
|
|
Products |
Unknown or Incomplete
|
|
|
|
|
Credit |
- k1tk4t - k1k4t
 newhack.org - http://www.newhack.org/
|
|
BlogsProvided by Technorati
|
None found at this time
|
|
|
