VYPR

LAN Management System

by Lan Management System

CVEs (87)

  • CVE-2022-31914 | Med | Jun 16, 2022
    risk 0.35 | cvss 5.4 | epss 0.00

    Zoo Management System v1.0 is vulnerable to Cross Site Scripting (XSS) via zms/admin/public_html/save_animal?an_id=24.

  • CVE-2023-41614 | Med | Sep 21, 2023
    risk 0.31 | cvss 4.8 | epss 0.00

    A stored cross-site scripting (XSS) vulnerability in the Add Animal Details function of Zoo Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Description of Animal parameter.

  • CVE-2023-31934 | Med | Jul 28, 2023
    risk 0.31 | cvss 4.8 | epss 0.00

    Cross Site Scripting vulnerability found in Rail Pass Management System v.1.0 allows a remote attacker to obtain sensitive information via the adminname parameter of admin-profile.php.

  • CVE-2023-24232 | Med | Feb 10, 2023
    risk 0.31 | cvss 4.8 | epss 0.00

    A stored cross-site scripting (XSS) vulnerability in the component /php-inventory-management-system/product.php of Inventory Management System v1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Product Name parameter.

  • CVE-2022-1837 | Med | May 24, 2022
    risk 0.31 | cvss 4.7 | epss 0.01

    A vulnerability was found in Home Clean Services Management System 1.0. It has been rated as critical. Affected by this issue is register.php?link=registerand. The manipulation with the input <?php phpinfo();?> leads to code execution. The attack may be launched remotely but…

  • CVE-2021-4232 | Low | May 26, 2022
    risk 0.23 | cvss 3.5 | epss 0.00

    A vulnerability classified as problematic has been found in Zoo Management System 1.0. Affected is an unknown function of the file admin/manage-ticket.php. The manipulation with the input leads to cross site scripting. It is possible to launch the…

  • CVE-2022-1816 | Low | May 23, 2022
    risk 0.23 | cvss 3.5 | epss 0.01

    A vulnerability, which was classified as problematic, has been found in Zoo Management System 1.0. Affected by this issue is /zoo/admin/public_html/view_accounts?type=zookeeper of the content module. The manipulation of the argument admin_name with the input…

  • CVE-2007-3325 | Jun 21, 2007
    risk 0.08 | cvss | epss 0.64

    PHP remote file inclusion vulnerability in lib/language.php in LAN Management System (LMS) 1.9.6 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the _LIB_DIR parameter, a different vector than CVE-2007-1643 and CVE-2007-2205.

  • CVE-2024-48594 | Oct 28, 2024
    risk 0.06 | cvss | epss 0.03

    File Upload vulnerability in Prison Management System v.1.0 allows a remote attacker to execute arbitrary code via the file upload component.

  • CVE-2007-1643 | Mar 24, 2007
    risk 0.04 | cvss | epss 0.11

    Multiple PHP remote file inclusion vulnerabilities in LAN Management System (LMS) 1.8.9 Vala and earlier allow remote attackers to execute arbitrary PHP code via a URL in (1) the CONFIG[directories][userpanel_dir] parameter to userpanel.php or the (2) _LIB_DIR parameter to…

  • CVE-2007-2205 | Apr 24, 2007
    risk 0.03 | cvss | epss 0.03

    PHP remote file inclusion vulnerability in modules/rtmessageadd.php in LAN Management System (LMS) 1.5.3, and possibly 1.5.4, allows remote attackers to execute arbitrary PHP code via a URL in the _LIB_DIR parameter, a different vector than CVE-2007-1643.

  • CVE-2004-1844 | Dec 31, 2004
    risk 0.03 | cvss | epss 0.02

    Cross-site scripting (XSS) vulnerability in Member Management System 2.1 allows remote attackers to inject arbitrary web script or HTML via (1) the err parameter to error.asp or (2) register.asp.

  • CVE-2026-40455 | Jun 18, 2026
    risk 0.00 | cvss | epss 0.00

    An SQL Injection vulnerability exists in LMS (LAN Management System) before commit 4cb30a7 within the "tarifflist.php" module due to insufficient sanitization of the POST "tg[]" parameter. The application directly concatenates user-supplied array values into an SQL query using…

  • CVE-2025-70890 | Jan 15, 2026
    risk 0.00 | cvss | epss 0.00

    A stored cross-site scripting (XSS) vulnerability exists in Cyber Cafe Management System v1.0. An authenticated attacker can inject arbitrary JavaScript code into the username parameter via the add-users.php endpoint. The injected payload is stored and executed in the victim's…

  • CVE-2025-63529 | Dec 1, 2025
    risk 0.00 | cvss | epss 0.00

    A session fixation vulnerability exists in Blood Bank Management System 1.0 in login.php that allows an attacker to set or predict a user's session identifier prior to authentication. When the victim logs in, the application continues to use the attacker-supplied session ID…

  • CVE-2025-63525 | Dec 1, 2025
    risk 0.00 | cvss | epss 0.00

    An issue was discovered in Blood Bank Management System 1.0 allowing authenticated attackers to perform actions with escalated privileges via crafted request to delete.php.

  • CVE-2025-63533 | Dec 1, 2025
    risk 0.00 | cvss | epss 0.00

    A cross-site scripting (XSS) vulnerability exists in the Blood Bank Management System 1.0 within the updateprofile.php and rprofile.php components. The application fails to properly sanitize or encode user-supplied input before rendering it in response. An attacker can inject…

  • CVE-2025-63531 | Dec 1, 2025
    risk 0.00 | cvss | epss 0.01

    A SQL injection vulnerability exists in the Blood Bank Management System 1.0 within the receiverLogin.php component. The application fails to properly sanitize user-supplied input in SQL queries, allowing an attacker to inject arbitrary SQL code. By manipulating the remail and…

  • CVE-2025-63534 | Dec 1, 2025
    risk 0.00 | cvss | epss 0.00

    A cross-site scripting (XSS) vulnerability exists in the Blood Bank Management System 1.0 within the login.php component. The application fails to properly sanitize or encode user-supplied input before rendering it in response. An attacker can inject malicious JavaScript…

  • CVE-2025-63535 | Dec 1, 2025
    risk 0.00 | cvss | epss 0.00

    A SQL injection vulnerability exists in the Blood Bank Management System 1.0 within the abs.php component. The application fails to properly sanitize user-supplied input in SQL queries, allowing an attacker to inject arbitrary SQL code. By manipulating the search field, an…