RSS   Podatności dla 'Lan management system'   RSS

2007-04-24
 
CVE-2007-2205

CWE-Other
 

 
PHP remote file inclusion vulnerability in modules/rtmessageadd.php in LAN Management System (LMS) 1.5.3, and possibly 1.5.4, allows remote attackers to execute arbitrary PHP code via a URL in the _LIB_DIR parameter, a different vector than CVE-2007-1643.

 
 
CVE-2007-2198

 

 
Cross-site scripting (XSS) vulnerability in LAN Management System (LMS) before 1.6.9 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, probably involving the OD parameter to contrib/formularz_przelewu_wplaty/druk.php.

 
2007-03-23
 
CVE-2007-1643

CWE-94
 

 
Multiple PHP remote file inclusion vulnerabilities in LAN Management System (LMS) 1.8.9 Vala and earlier allow remote attackers to execute arbitrary PHP code via a URL in (1) the CONFIG[directories][userpanel_dir] parameter to userpanel.php or the (2) _LIB_DIR parameter to welcome.php.

 


Copyright 2022, cxsecurity.com

 

Back to Top