LAN Management System
CVEs (87)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2022-31914 | Med | 0.35 | 5.4 | 0.00 | Jun 16, 2022 | Zoo Management System v1.0 is vulnerable to Cross Site Scripting (XSS) via zms/admin/public_html/save_animal?an_id=24. | ||
| CVE-2023-41614 | Med | 0.31 | 4.8 | 0.00 | Sep 21, 2023 | A stored cross-site scripting (XSS) vulnerability in the Add Animal Details function of Zoo Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Description of Animal parameter. | ||
| CVE-2023-31934 | Med | 0.31 | 4.8 | 0.00 | Jul 28, 2023 | Cross Site Scripting vulnerability found in Rail Pass Management System v.1.0 allows a remote attacker to obtain sensitive information via the adminname parameter of admin-profile.php. | ||
| CVE-2023-24232 | Med | 0.31 | 4.8 | 0.00 | Feb 10, 2023 | A stored cross-site scripting (XSS) vulnerability in the component /php-inventory-management-system/product.php of Inventory Management System v1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Product Name parameter. | ||
| CVE-2022-1837 | Med | 0.31 | 4.7 | 0.01 | May 24, 2022 | A vulnerability was found in Home Clean Services Management System 1.0. It has been rated as critical. Affected by this issue is register.php?link=registerand. The manipulation with the input <?php phpinfo();?> leads to code execution. The attack may be launched remotely but… | ||
| CVE-2021-4232 | Low | 0.23 | 3.5 | 0.00 | May 26, 2022 | A vulnerability classified as problematic has been found in Zoo Management System 1.0. Affected is an unknown function of the file admin/manage-ticket.php. The manipulation with the input leads to cross site scripting. It is possible to launch the… | ||
| CVE-2022-1816 | Low | 0.23 | 3.5 | 0.01 | May 23, 2022 | A vulnerability, which was classified as problematic, has been found in Zoo Management System 1.0. Affected by this issue is /zoo/admin/public_html/view_accounts?type=zookeeper of the content module. The manipulation of the argument admin_name with the input… | ||
| CVE-2007-3325 | 0.08 | — | 0.64 | Jun 21, 2007 | PHP remote file inclusion vulnerability in lib/language.php in LAN Management System (LMS) 1.9.6 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the _LIB_DIR parameter, a different vector than CVE-2007-1643 and CVE-2007-2205. | |||
| CVE-2024-48594 | 0.06 | — | 0.03 | Oct 28, 2024 | File Upload vulnerability in Prison Management System v.1.0 allows a remote attacker to execute arbitrary code via the file upload component. | |||
| CVE-2007-1643 | 0.04 | — | 0.11 | Mar 24, 2007 | Multiple PHP remote file inclusion vulnerabilities in LAN Management System (LMS) 1.8.9 Vala and earlier allow remote attackers to execute arbitrary PHP code via a URL in (1) the CONFIG[directories][userpanel_dir] parameter to userpanel.php or the (2) _LIB_DIR parameter to… | |||
| CVE-2007-2205 | 0.03 | — | 0.03 | Apr 24, 2007 | PHP remote file inclusion vulnerability in modules/rtmessageadd.php in LAN Management System (LMS) 1.5.3, and possibly 1.5.4, allows remote attackers to execute arbitrary PHP code via a URL in the _LIB_DIR parameter, a different vector than CVE-2007-1643. | |||
| CVE-2004-1844 | 0.03 | — | 0.02 | Dec 31, 2004 | Cross-site scripting (XSS) vulnerability in Member Management System 2.1 allows remote attackers to inject arbitrary web script or HTML via (1) the err parameter to error.asp or (2) register.asp. | |||
| CVE-2026-40455 | 0.00 | — | 0.00 | Jun 18, 2026 | An SQL Injection vulnerability exists in LMS (LAN Management System) before commit 4cb30a7 within the "tarifflist.php" module due to insufficient sanitization of the POST "tg[]" parameter. The application directly concatenates user-supplied array values into an SQL query using… | |||
| CVE-2025-70890 | 0.00 | — | 0.00 | Jan 15, 2026 | A stored cross-site scripting (XSS) vulnerability exists in Cyber Cafe Management System v1.0. An authenticated attacker can inject arbitrary JavaScript code into the username parameter via the add-users.php endpoint. The injected payload is stored and executed in the victim s… | |||
| CVE-2025-63529 | 0.00 | — | 0.00 | Dec 1, 2025 | A session fixation vulnerability exists in Blood Bank Management System 1.0 in login.php that allows an attacker to set or predict a user's session identifier prior to authentication. When the victim logs in, the application continues to use the attacker-supplied session ID… | |||
| CVE-2025-63525 | 0.00 | — | 0.00 | Dec 1, 2025 | An issue was discovered in Blood Bank Management System 1.0 allowing authenticated attackers to perform actions with escalated privileges via crafted request to delete.php. | |||
| CVE-2025-63533 | 0.00 | — | 0.00 | Dec 1, 2025 | A cross-site scripting (XSS) vulnerability exists in the Blood Bank Management System 1.0 within the updateprofile.php and rprofile.php components. The application fails to properly sanitize or encode user-supplied input before rendering it in response. An attacker can inject… | |||
| CVE-2025-63531 | 0.00 | — | 0.01 | Dec 1, 2025 | A SQL injection vulnerability exists in the Blood Bank Management System 1.0 within the receiverLogin.php component. The application fails to properly sanitize user-supplied input in SQL queries, allowing an attacker to inject arbitrary SQL code. By manipulating the remail and… | |||
| CVE-2025-63534 | 0.00 | — | 0.00 | Dec 1, 2025 | A cross-site scripting (XSS) vulnerability exists in the Blood Bank Management System 1.0 within the login.php component. The application fails to properly sanitize or encode user-supplied input before rendering it in response. An attacker can inject malicious JavaScript… | |||
| CVE-2025-63535 | 0.00 | — | 0.00 | Dec 1, 2025 | A SQL injection vulnerability exists in the Blood Bank Management System 1.0 within the abs.php component. The application fails to properly sanitize usersupplied input in SQL queries, allowing an attacker to inject arbitrary SQL code. By manipulating the search field, an… |
- risk 0.35cvss 5.4epss 0.00
Zoo Management System v1.0 is vulnerable to Cross Site Scripting (XSS) via zms/admin/public_html/save_animal?an_id=24.
- risk 0.31cvss 4.8epss 0.00
A stored cross-site scripting (XSS) vulnerability in the Add Animal Details function of Zoo Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Description of Animal parameter.
- risk 0.31cvss 4.8epss 0.00
Cross Site Scripting vulnerability found in Rail Pass Management System v.1.0 allows a remote attacker to obtain sensitive information via the adminname parameter of admin-profile.php.
- risk 0.31cvss 4.8epss 0.00
A stored cross-site scripting (XSS) vulnerability in the component /php-inventory-management-system/product.php of Inventory Management System v1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Product Name parameter.
- risk 0.31cvss 4.7epss 0.01
A vulnerability was found in Home Clean Services Management System 1.0. It has been rated as critical. Affected by this issue is register.php?link=registerand. The manipulation with the input <?php phpinfo();?> leads to code execution. The attack may be launched remotely but…
- risk 0.23cvss 3.5epss 0.00
A vulnerability classified as problematic has been found in Zoo Management System 1.0. Affected is an unknown function of the file admin/manage-ticket.php. The manipulation with the input leads to cross site scripting. It is possible to launch the…
- risk 0.23cvss 3.5epss 0.01
A vulnerability, which was classified as problematic, has been found in Zoo Management System 1.0. Affected by this issue is /zoo/admin/public_html/view_accounts?type=zookeeper of the content module. The manipulation of the argument admin_name with the input…
- CVE-2007-3325Jun 21, 2007risk 0.08cvss —epss 0.64
PHP remote file inclusion vulnerability in lib/language.php in LAN Management System (LMS) 1.9.6 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the _LIB_DIR parameter, a different vector than CVE-2007-1643 and CVE-2007-2205.
- CVE-2024-48594Oct 28, 2024risk 0.06cvss —epss 0.03
File Upload vulnerability in Prison Management System v.1.0 allows a remote attacker to execute arbitrary code via the file upload component.
- CVE-2007-1643Mar 24, 2007risk 0.04cvss —epss 0.11
Multiple PHP remote file inclusion vulnerabilities in LAN Management System (LMS) 1.8.9 Vala and earlier allow remote attackers to execute arbitrary PHP code via a URL in (1) the CONFIG[directories][userpanel_dir] parameter to userpanel.php or the (2) _LIB_DIR parameter to…
- CVE-2007-2205Apr 24, 2007risk 0.03cvss —epss 0.03
PHP remote file inclusion vulnerability in modules/rtmessageadd.php in LAN Management System (LMS) 1.5.3, and possibly 1.5.4, allows remote attackers to execute arbitrary PHP code via a URL in the _LIB_DIR parameter, a different vector than CVE-2007-1643.
- CVE-2004-1844Dec 31, 2004risk 0.03cvss —epss 0.02
Cross-site scripting (XSS) vulnerability in Member Management System 2.1 allows remote attackers to inject arbitrary web script or HTML via (1) the err parameter to error.asp or (2) register.asp.
- CVE-2026-40455Jun 18, 2026risk 0.00cvss —epss 0.00
An SQL Injection vulnerability exists in LMS (LAN Management System) before commit 4cb30a7 within the "tarifflist.php" module due to insufficient sanitization of the POST "tg[]" parameter. The application directly concatenates user-supplied array values into an SQL query using…
- CVE-2025-70890Jan 15, 2026risk 0.00cvss —epss 0.00
A stored cross-site scripting (XSS) vulnerability exists in Cyber Cafe Management System v1.0. An authenticated attacker can inject arbitrary JavaScript code into the username parameter via the add-users.php endpoint. The injected payload is stored and executed in the victim s…
- CVE-2025-63529Dec 1, 2025risk 0.00cvss —epss 0.00
A session fixation vulnerability exists in Blood Bank Management System 1.0 in login.php that allows an attacker to set or predict a user's session identifier prior to authentication. When the victim logs in, the application continues to use the attacker-supplied session ID…
- CVE-2025-63525Dec 1, 2025risk 0.00cvss —epss 0.00
An issue was discovered in Blood Bank Management System 1.0 allowing authenticated attackers to perform actions with escalated privileges via crafted request to delete.php.
- CVE-2025-63533Dec 1, 2025risk 0.00cvss —epss 0.00
A cross-site scripting (XSS) vulnerability exists in the Blood Bank Management System 1.0 within the updateprofile.php and rprofile.php components. The application fails to properly sanitize or encode user-supplied input before rendering it in response. An attacker can inject…
- CVE-2025-63531Dec 1, 2025risk 0.00cvss —epss 0.01
A SQL injection vulnerability exists in the Blood Bank Management System 1.0 within the receiverLogin.php component. The application fails to properly sanitize user-supplied input in SQL queries, allowing an attacker to inject arbitrary SQL code. By manipulating the remail and…
- CVE-2025-63534Dec 1, 2025risk 0.00cvss —epss 0.00
A cross-site scripting (XSS) vulnerability exists in the Blood Bank Management System 1.0 within the login.php component. The application fails to properly sanitize or encode user-supplied input before rendering it in response. An attacker can inject malicious JavaScript…
- CVE-2025-63535Dec 1, 2025risk 0.00cvss —epss 0.00
A SQL injection vulnerability exists in the Blood Bank Management System 1.0 within the abs.php component. The application fails to properly sanitize usersupplied input in SQL queries, allowing an attacker to inject arbitrary SQL code. By manipulating the search field, an…
Page 3 of 5