CVE-2023-29598

9.8 CRITICAL

📋 TL;DR

CVE-2023-29598 is a SQL injection vulnerability in lmxcms v1.4.1 that allows attackers to execute arbitrary SQL commands via the setbook parameter at index.php. This affects all users running the vulnerable version of lmxcms, potentially compromising the underlying database.

💻 Affected Systems

Products:
  • lmxcms
Versions: v1.4.1
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: Affects the default installation of lmxcms v1.4.1. No special configuration required for exploitation.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete database compromise leading to data theft, data manipulation, or remote code execution via database functions.

🟠 Likely Case

Unauthorized data access, extraction of sensitive information, or database manipulation.

🟢 If Mitigated

Limited impact with proper input validation and parameterized queries in place.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Simple SQL injection via GET parameter with public proof-of-concept available.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: No official vendor advisory found

Restart Required: No

Instructions:

1. Check for an official patch from the lmxcms developers.
2. If no patch is available, implement workarounds or consider upgrading to a newer secure version if one is available.

🔧 Temporary Workarounds

Input Validation Filter

all

Add input validation to filter/sanitize the setbook parameter before processing.

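Modify index.php to add: $setbook = filter_var($_GET['setbook'], FILTER_SANITIZE_STRING);

Note that FILTER_SANITIZE_STRING is deprecated as of PHP 8.1 and is not a SQL-escaping function, so treat this filter as a stopgap and not as a replacement for parameterized queries.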

WAF Rule

all

Implement web application firewall rules to block SQL injection patterns in setbook parameter.

Add WAF rule: Detect and block SQL injection patterns in setbook parameter

🧯 If You Can't Patch

  • Implement strict input validation and parameterized queries for all database operations.
  • Restrict network access to the lmxcms application using firewall rules.

🔍 How to Verify

Check if Vulnerable:

Test by sending SQL injection payloads to index.php?setbook=[SQLi] and observing database errors or unexpected behavior.

Check Version:

Check lmxcms version in admin panel or configuration files.

Verify Fix Applied:

Test with same SQL injection payloads after applying fixes - should return error messages or no database interaction.

📡 Detection & Monitoring

Log Indicators:

  • Unusual SQL queries in database logs
  • Multiple requests with SQL-like patterns in setbook parameter
  • Database error messages in application logs

Network Indicators:

  • HTTP requests containing SQL keywords in setbook parameter
  • Unusual database connection patterns

SIEM Query:

source="web_logs" AND (uri="*index.php*" AND query="*setbook=*" AND (query="*SELECT*" OR query="*UNION*" OR query="*OR*"))
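
The SIEM query above matches the raw query string, so it misses percent-encoded input, and its *OR* wildcard can also match harmless values such as "order". The Python below is an added example, not part of the original advisory or of lmxcms: it decodes the setbook value (including nested encoding) before matching. The log lines are constructed, and the combined log format, function names and pattern list are assumptions to adapt to your environment.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# Constructed access-log lines (combined log format), not real traffic.
SAMPLE_LOG = [
    '203.0.113.5 - - [10/May/2023:10:00:01 +0000] "GET /index.php?setbook=1 HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '203.0.113.5 - - [10/May/2023:10:00:04 +0000] "GET /index.php?setbook=order+form HTTP/1.1" 200 498 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [10/May/2023:10:01:12 +0000] "GET /index.php?setbook=1%27%20UNION%20SELECT%201--%20- HTTP/1.1" 200 731 "-" "curl/8.0"',
    '198.51.100.9 - - [10/May/2023:10:01:40 +0000] "GET /index.php?setbook=1%2527%2520or%25201%253D1 HTTP/1.1" 500 120 "-" "curl/8.0"',
    '203.0.113.8 - - [10/May/2023:10:02:00 +0000] "GET /about.php?q=select+a+plan HTTP/1.1" 200 300 "-" "Mozilla/5.0"',
]

REQUEST = re.compile(r'^(\S+) .*?"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# Assumed pattern list; tune it to the values setbook legitimately carries.
SQLI = re.compile(r"""
      ['";\#] | -- | /\*                                   # quote, terminator, comment
    | \b(?:union|select|sleep|benchmark|extractvalue|updatexml)\b
    | \b(?:or|and)\b\s+[\w'"]+\s*=                         # tautology such as OR 1=1
""", re.I | re.X)

def fully_decode(value, max_rounds=3):
    """Undo nested percent-encoding (%2527 -> %27 -> ') before matching."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_requests(lines, path_suffix="index.php", param="setbook"):
    """Return (client_ip, decoded_value) for each flagged setbook value."""
    hits = []
    for line in lines:
        m = REQUEST.match(line)
        if not m:
            continue
        client, target = m.groups()
        url = urlsplit(target)
        if not url.path.endswith(path_suffix):
            continue
        for name, value in parse_qsl(url.query, keep_blank_values=True):
            value = fully_decode(value)  # parse_qsl already decoded once
            if name == param and SQLI.search(value):
                hits.append((client, value))
    return hits

if __name__ == "__main__":
    for client, value in suspicious_requests(SAMPLE_LOG):
        print(f"{client}\t{value!r}")
```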
