CVE-2025-4541 | LmxCMS 1.41 POST Request ZtAction.class.php manageZt sortid sql injection

Inserito da Angelo Barbosa | Mag 10, 2025 | CVE

A vulnerability classified as critical has been found in LmxCMS 1.41. Affected is the function manageZt of the file cadminZtAction.class.php of the component POST Request Handler. The manipulation of the argument sortid leads to sql injection.

This vulnerability is traded as CVE-2025-4541. It is possible to launch the attack remotely. Furthermore, there is an exploit available.

The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2025-4541 | LmxCMS 1.41 POST Request ZtAction.class.php manageZt sortid sql injection

Post correlati

CVE-2024-0366 | Starbox Plugin up to 3.4.7 on WordPress resource injection

CVE-2024-24783 | crypto-x509 up to 1.21.7/1.22.0 on Go Certificate Chain crypto/tls null pointer dereference

CVE-2024-28185 | Judge0 up to 1.13.0 run_script symlink

CVE-2024-37554 | CodeAstrology UltraAddons Elementor Lite Plugin up to 1.1.6 on WordPress cross site scripting