CVE-2007-4210

Critical

Description

Multiple SQL injection vulnerabilities in module.php in LANAI (la-nai) CMS 1.2.14 allow remote attackers to execute arbitrary SQL commands via (1) the mid parameter in an faqviewgroup action in the FAQ Modules, (2) the cid parameter in the EZSHOPINGCART Modules, or (3) the gid parameter in a view action in the GALLERY Modules.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/35786

http://www.securityfocus.com/bid/25193

http://www.securityfocus.com/archive/1/475447

http://securityreason.com/securityalert/2975

http://secunia.com/advisories/26339

http://osvdb.org/37471

http://osvdb.org/37470

http://osvdb.org/36438

Details

Source: Mitre, NVD

Published: 2007-08-08

Updated: 2026-06-16

Risk Information

CVSS v2

Base Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Severity: High

CVSS v3

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: Critical

EPSS

EPSS: 0.01874