LmxCMS SQL Injection Vulnerability in POST Request Handler
Vulnerability
A critical SQL injection vulnerability exists in LmxCMS version 1.41. The issue is located in the manageZt function of the c\admin\ZtAction.class.php file, within the POST request handler component. The vulnerability arises because the sortid parameter is manipulated and directly concatenated into SQL queries without proper sanitization or parameter binding, allowing remote attackers to inject arbitrary SQL code. Exploitation of this vulnerability could lead to unauthorized data access, privilege escalation, or complete database compromise.
Impact
Exploitation allows for arbitrary SQL code execution, potentially leading to unauthorized data access, data manipulation, or a complete database compromise.
Reproduction
To reproduce this vulnerability, send a POST request to 'admin.php?m=zt&a=manageZt' with a crafted sortid parameter that includes SQL injection payloads. The injection point is the sortid parameter, which is not validated before being used in an SQL query. The vulnerability can be exploited remotely.
Vulnerability Rating
Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.