VYPR

LAN Management System

by Lan Management System

CVEs (86)

  • CVE-2024-36840 | Critical | Jun 12, 2024
    risk 0.60 | cvss 9.1 | epss 0.02

    SQL Injection vulnerability in Boelter Blue System Management v.1.3 allows a remote attacker to execute arbitrary code and obtain sensitive information via the id parameter to news_details.php and location_details.php; and the section parameter to services.php.

  • CVE-2022-50805 | High | Jan 13, 2026
    risk 0.53 | cvss 8.2 | epss 0.00

    Senayan Library Management System 9.0.0 contains a SQL injection vulnerability in the 'class' parameter that allows attackers to inject malicious SQL queries. Attackers can exploit the vulnerability by submitting crafted payloads to manipulate database queries and potentially…

  • CVE-2025-67437 | Medium | May 15, 2026
    risk 0.42 | cvss 6.5 | epss 0.00

    Medical Management System a81df1ce700a9662cb136b27af47f4cbde64156b is vulnerable to Insecure Permissions, which allows arbitrary user password reset.

  • CVE-2024-8679 | Medium | Dec 7, 2024
    risk 0.37 | cvss 6.8 | epss 0.00

    The Library Management System – Manage e-Digital Books Library plugin for WordPress is vulnerable to SQL Injection via the 'value' parameter of the owt_lib_handler AJAX action in all versions up to, and including, 3.1 due to insufficient escaping on the user supplied…

  • CVE-2024-12406 | Medium | Dec 12, 2024
    risk 0.35 | cvss 6.5 | epss 0.00

    The Library Management System – Manage e-Digital Books Library plugin for WordPress is vulnerable to SQL Injection via the 'owt7_borrow_books_id' parameter in all versions up to, and including, 3.2.0 due to insufficient escaping on the user supplied parameter and lack of…

  • CVE-2007-3325 | Jun 21, 2007
    risk 0.08 | cvss | epss 0.64

    PHP remote file inclusion vulnerability in lib/language.php in LAN Management System (LMS) 1.9.6 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the _LIB_DIR parameter, a different vector than CVE-2007-1643 and CVE-2007-2205.

  • CVE-2022-29009 | May 11, 2022
    risk 0.07 | cvss | epss 0.21

    Multiple SQL injection vulnerabilities via the username and password parameters in the Admin panel of Cyber Cafe Management System Project v1.0 allow attackers to bypass authentication.

  • CVE-2024-48594 | Oct 28, 2024
    risk 0.06 | cvss | epss 0.03

    File Upload vulnerability in Prison Management System v.1.0 allows a remote attacker to execute arbitrary code via the file upload component.

  • CVE-2018-18793 | Nov 16, 2018
    risk 0.04 | cvss | epss 0.10

    School Event Management System 1.0 allows Arbitrary File Upload via event/controller.php?action=photos.

  • CVE-2007-1643 | Mar 24, 2007
    risk 0.04 | cvss | epss 0.11

    Multiple PHP remote file inclusion vulnerabilities in LAN Management System (LMS) 1.8.9 Vala and earlier allow remote attackers to execute arbitrary PHP code via a URL in (1) the CONFIG[directories][userpanel_dir] parameter to userpanel.php or the (2) _LIB_DIR parameter to…

  • CVE-2007-2205 | Apr 24, 2007
    risk 0.03 | cvss | epss 0.03

    PHP remote file inclusion vulnerability in modules/rtmessageadd.php in LAN Management System (LMS) 1.5.3, and possibly 1.5.4, allows remote attackers to execute arbitrary PHP code via a URL in the _LIB_DIR parameter, a different vector than CVE-2007-1643.

  • CVE-2004-1844 | Dec 31, 2004
    risk 0.03 | cvss | epss 0.02

    Cross-site scripting (XSS) vulnerability in Member Management System 2.1 allows remote attackers to inject arbitrary web script or HTML via (1) the err parameter to error.asp or (2) register.asp.

  • CVE-2023-24317 | Feb 23, 2023
    risk 0.01 | cvss | epss 0.02

    Judging Management System 1.0 was discovered to contain an arbitrary file upload vulnerability via the component edit_organizer.php.

  • CVE-2026-40455 | Jun 18, 2026
    risk 0.00 | cvss | epss 0.00

    An SQL Injection vulnerability exists in LMS (LAN Management System) before commit 4cb30a7 within the "tarifflist.php" module due to insufficient sanitization of the POST "tg[]" parameter. The application directly concatenates user-supplied array values into an SQL query using…

  • CVE-2025-70890 | Jan 15, 2026
    risk 0.00 | cvss | epss 0.00

    A stored cross-site scripting (XSS) vulnerability exists in Cyber Cafe Management System v1.0. An authenticated attacker can inject arbitrary JavaScript code into the username parameter via the add-users.php endpoint. The injected payload is stored and executed in the victim's…

  • CVE-2025-63534 | Dec 1, 2025
    risk 0.00 | cvss | epss 0.00

    A cross-site scripting (XSS) vulnerability exists in the Blood Bank Management System 1.0 within the login.php component. The application fails to properly sanitize or encode user-supplied input before rendering it in response. An attacker can inject malicious JavaScript…

  • CVE-2025-63527 | Dec 1, 2025
    risk 0.00 | cvss | epss 0.00

    A cross-site scripting (XSS) vulnerability exists in the Blood Bank Management System 1.0 within the updateprofile.php and hprofile.php components. The application fails to properly sanitize or encode user-supplied input before rendering it in response. An attacker can inject…

  • CVE-2025-63533 | Dec 1, 2025
    risk 0.00 | cvss | epss 0.00

    A cross-site scripting (XSS) vulnerability exists in the Blood Bank Management System 1.0 within the updateprofile.php and rprofile.php components. The application fails to properly sanitize or encode user-supplied input before rendering it in response. An attacker can inject…

  • CVE-2025-63525 | Dec 1, 2025
    risk 0.00 | cvss | epss 0.00

    An issue was discovered in Blood Bank Management System 1.0 allowing authenticated attackers to perform actions with escalated privileges via a crafted request to delete.php.

  • CVE-2025-63531 | Dec 1, 2025
    risk 0.00 | cvss | epss 0.01

    A SQL injection vulnerability exists in the Blood Bank Management System 1.0 within the receiverLogin.php component. The application fails to properly sanitize user-supplied input in SQL queries, allowing an attacker to inject arbitrary SQL code. By manipulating the remail and…
