| Titel | 10year lmxcms 1.4 RCE |
|---|
| Beschreibung | There is code execution at AcquisiModel.class.php of lmxcms, and there is a dangerous function eval in its formatData() method, which can be queried to get the malicious code after executing in and out of the malicious code through the backend sql and utilizing the formaData() method. |
|---|
| Quelle | ⚠️ https://github.com/gaorenyusi/gaorenyusi/blob/main/lmx.md |
|---|
| Benutzer | gaorenyusi (UID 74236) |
|---|
| Einreichung | 29.08.2024 18:00 (vor 2 Jahren) |
|---|
| Moderieren | 06.09.2024 17:30 (8 days later) |
|---|
| Status | Akzeptiert |
|---|
| VulDB Eintrag | 276728 [lmxcms bis 1.4 SQL Command Execution admin.php?m=Acquisi&a=testcj&lid=1 formatData data erweiterte Rechte] |
|---|
| Punkte | 17 |
|---|