{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2007-08-02T00:00:00.000Z", "descriptions": [{"lang": "en", "value": "Multiple SQL injection vulnerabilities in module.php in LANAI (la-nai) CMS 1.2.14 allow remote attackers to execute arbitrary SQL commands via (1) the mid parameter in an faqviewgroup action in the FAQ Modules, (2) the cid parameter in the EZSHOPINGCART Modules, or (3) the gid parameter in a view action in the GALLERY Modules."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-07-28T12:57:01.000Z", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "37470", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://osvdb.org/37470"}, {"name": "37471", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://osvdb.org/37471"}, {"name": "20070802 la-nai cms_v1.2.14 - Remote SQL Injection", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/475447"}, {"name": "lanai-module-sql-injection(35786)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35786"}, {"name": "36438", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://osvdb.org/36438"}, {"name": "2975", "tags": ["third-party-advisory", "x_refsource_SREASON"], "url": "http://securityreason.com/securityalert/2975"}, {"name": "26339", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/26339"}, {"name": "25193", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/25193"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2007-4210", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Multiple SQL injection vulnerabilities in module.php in LANAI (la-nai) CMS 1.2.14 allow remote attackers to execute arbitrary SQL commands via (1) the mid parameter in an faqviewgroup action in the FAQ Modules, (2) the cid parameter in the EZSHOPINGCART Modules, or (3) the gid parameter in a view action in the GALLERY Modules."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "37470", "refsource": "OSVDB", "url": "http://osvdb.org/37470"}, {"name": "37471", "refsource": "OSVDB", "url": "http://osvdb.org/37471"}, {"name": "20070802 la-nai cms_v1.2.14 - Remote SQL Injection", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/475447"}, {"name": "lanai-module-sql-injection(35786)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35786"}, {"name": "36438", "refsource": "OSVDB", "url": "http://osvdb.org/36438"}, {"name": "2975", "refsource": "SREASON", "url": "http://securityreason.com/securityalert/2975"}, {"name": "26339", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/26339"}, {"name": "25193", "refsource": "BID", "url": "http://www.securityfocus.com/bid/25193"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T14:46:39.385Z"}, "title": "CVE Program Container", "references": [{"name": "37470", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://osvdb.org/37470"}, {"name": "37471", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://osvdb.org/37471"}, {"name": "20070802 la-nai cms_v1.2.14 - Remote SQL Injection", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/475447"}, {"name": "lanai-module-sql-injection(35786)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35786"}, {"name": "36438", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://osvdb.org/36438"}, {"name": "2975", "tags": ["third-party-advisory", "x_refsource_SREASON", "x_transferred"], "url": "http://securityreason.com/securityalert/2975"}, {"name": "26339", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/26339"}, {"name": "25193", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/25193"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2007-4210", "datePublished": "2007-08-08T01:52:00.000Z", "dateReserved": "2007-08-07T00:00:00.000Z", "dateUpdated": "2024-08-07T14:46:39.385Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:redline_software:lanai_cms:1.2.14:*:*:*:*:*:*:*", "matchCriteriaId": "B0E757B1-244F-4FA5-850C-D28D5B00AA25", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Multiple SQL injection vulnerabilities in module.php in LANAI (la-nai) CMS 1.2.14 allow remote attackers to execute arbitrary SQL commands via (1) the mid parameter in an faqviewgroup action in the FAQ Modules, (2) the cid parameter in the EZSHOPINGCART Modules, or (3) the gid parameter in a view action in the GALLERY Modules."}, {"lang": "es", "value": "M\u00faltiples vulnerabilidades de inyecci\u00f3n SQL en module.php de LANAI (la-nai) CMS 1.2.14 permite a atacantes remotos ejecutar comandos SQL de su elecci\u00f3n a trav\u00e9s del par\u00e1metro (1) mid en una acci\u00f3n faqviewgroup en los M\u00f3dulos FAQ (preguntas frecuentes), el par\u00e1metro (2) cid en M\u00f3dulos EZSHOPINGCART, o el par\u00e1metro (3) gid en una acci\u00f3n view en los M\u00f3dulos GALLERY."}], "id": "CVE-2007-4210", "lastModified": "2026-04-23T00:35:47.467", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2007-08-08T02:17:00.000", "references": [{"source": "cve@mitre.org", "url": "http://osvdb.org/36438"}, {"source": "cve@mitre.org", "url": "http://osvdb.org/37470"}, {"source": "cve@mitre.org", "url": "http://osvdb.org/37471"}, {"source": "cve@mitre.org", "url": "http://secunia.com/advisories/26339"}, {"source": "cve@mitre.org", "url": "http://securityreason.com/securityalert/2975"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/475447"}, {"source": "cve@mitre.org", "tags": ["Patch"], "url": "http://www.securityfocus.com/bid/25193"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35786"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://osvdb.org/36438"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://osvdb.org/37470"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://osvdb.org/37471"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/26339"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securityreason.com/securityalert/2975"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/475447"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "http://www.securityfocus.com/bid/25193"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35786"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}

{}