CVE-2026-40457
- EPSS 0.32%
- Veröffentlicht 18.06.2026 10:58:53
- Zuletzt bearbeitet 22.06.2026 17:49:19
A Reflected Cross-Site Scripting (XSS) vulnerability exists in LMS (LAN Management System) before commit 9c5651b in the "dbrecover.php" and "netremap.php" modules where unsanitized GET parameters are directly embedded into HTML output. This allows an...
CVE-2026-40456
- EPSS 0.95%
- Veröffentlicht 18.06.2026 10:58:51
- Zuletzt bearbeitet 22.06.2026 17:49:19
An OS Command Injection vulnerability exists in LMS (LAN Management System) before commit 9fcb4de due to an IP address parameter being passed to the "exec()" function without proper validation, allowing attackers to execute arbitrary operating system...
CVE-2026-40455
- EPSS 0.22%
- Veröffentlicht 18.06.2026 10:58:50
- Zuletzt bearbeitet 22.06.2026 17:49:19
An SQL Injection vulnerability exists in LMS (LAN Management System) before commit 4cb30a7 within the "tarifflist.php" module due to insufficient sanitization of the POST "tg[]" parameter. The application directly concatenates user-supplied array val...
CVE-2018-1000535
- EPSS 1.76%
- Veröffentlicht 26.06.2018 16:29:01
- Zuletzt bearbeitet 21.11.2024 03:40:08
lms version <= LMS_011123 contains a Local File Disclosure vulnerability in File reading functionality in LMS module that can result in Possible to read files on the server. This attack appear to be exploitable via GET parameter. This vulnerability a...