Submit #399916: 10year lmxcms 1.4 RCEinfo

Title10year lmxcms 1.4 RCE
DescriptionThere is code execution at AcquisiModel.class.php of lmxcms, and there is a dangerous function eval in its formatData() method, which can be queried to get the malicious code after executing in and out of the malicious code through the backend sql and utilizing the formaData() method.
Source⚠️ https://github.com/gaorenyusi/gaorenyusi/blob/main/lmx.md
User
 gaorenyusi (UID 74236)
Submission08/29/2024 18:00 (2 years ago)
Moderation09/06/2024 17:30 (8 days later)
StatusAccepted
VulDB entry276728 [lmxcms up to 1.4 SQL Command Execution admin.php?m=Acquisi&a=testcj&lid=1 formatData data code injection]
Points17

PreviousOverviewNext

Want to stay up to date on a daily basis?

Enable the mail alert feature now!