Vulnerability Description
Multiple SQL injection vulnerabilities in module.php in LANAI (la-nai) CMS 1.2.14 allow remote attackers to execute arbitrary SQL commands via (1) the mid parameter in an faqviewgroup action in the FAQ Modules, (2) the cid parameter in the EZSHOPINGCART Modules, or (3) the gid parameter in a view action in the GALLERY Modules.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Redline Software | Lanai Cms | 1.2.14 |
References
- http://osvdb.org/36438
- http://osvdb.org/37470
- http://osvdb.org/37471
- http://secunia.com/advisories/26339
- http://securityreason.com/securityalert/2975
- http://www.securityfocus.com/archive/1/475447
- http://www.securityfocus.com/bid/25193Patch
- https://exchange.xforce.ibmcloud.com/vulnerabilities/35786
- http://osvdb.org/36438
- http://osvdb.org/37470
- http://osvdb.org/37471
- http://secunia.com/advisories/26339
- http://securityreason.com/securityalert/2975
- http://www.securityfocus.com/archive/1/475447
- http://www.securityfocus.com/bid/25193Patch
FAQ
What is CVE-2007-4210?
CVE-2007-4210 is a vulnerability with a CVSS score of 7.5 (HIGH). Multiple SQL injection vulnerabilities in module.php in LANAI (la-nai) CMS 1.2.14 allow remote attackers to execute arbitrary SQL commands via (1) the mid parameter in an faqviewgroup action in the FA...
How severe is CVE-2007-4210?
CVE-2007-4210 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2007-4210?
Check the references section above for vendor advisories and patch information. Affected products include: Redline Software Lanai Cms.