| tiêu đề | LmxCMS v1.41 SQL Injection |
|---|
| Mô tả | A critical SQL injection vulnerability exists in LmxCMS v1.41, located in the manageZt() method within c\admin\ZtAction.class.php. The vulnerability arises because user-supplied sortid parameters are directly concatenated into SQL queries without proper sanitization or parameter binding. This flaw allows attackers to inject arbitrary SQL code, which can lead to sensitive data exposure, privilege escalation, or complete compromise of the database. Exploitation can be achieved by sending a specially crafted POST request, allowing attackers to retrieve sensitive information, manipulate the database, or execute arbitrary SQL commands.
|
|---|
| Nguồn | ⚠️ https://github.com/xiaoyangsec/LmxCMS-SQL-Injection/blob/main/LmxCMS-SQL-Injection.md |
|---|
| Người dùng | xiaoyang (UID 84496) |
|---|
| Đệ trình | 29/04/2025 14:23 (cách đây 1 Năm) |
|---|
| Kiểm duyệt | 10/05/2025 15:45 (11 days later) |
|---|
| Trạng thái | được chấp nhận |
|---|
| Mục VulDB | 308286 [LmxCMS 1.41 POST Request ZtAction.class.php manageZt sortid Tiêm SQL] |
|---|
| điểm | 20 |
|---|