Lan Management System
Products: 2
- 86 CVEs
- 3 CVEs

Recent CVEs: 87

| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2024-36840 | | Critical | 0.60 | 9.1 | 0.02 | | Jun 12, 2024 | SQL Injection vulnerability in Boelter Blue System Management v.1.3 allows a remote attacker to execute arbitrary code and obtain sensitive information via the id parameter to news_details.php and location_details.php; and the section parameter to services.php. |
| CVE-2022-50805 | | High | 0.53 | 8.2 | 0.00 | | Jan 13, 2026 | Senayan Library Management System 9.0.0 contains a SQL injection vulnerability in the 'class' parameter that allows attackers to inject malicious SQL queries. Attackers can exploit the vulnerability by submitting crafted payloads to manipulate database queries and potentially… |
| CVE-2025-67437 | | Medium | 0.42 | 6.5 | 0.00 | | May 15, 2026 | Medical Management System a81df1ce700a9662cb136b27af47f4cbde64156b is vulnerable to Insecure Permissions, which allows arbitrary user password reset. |
| CVE-2024-8679 | | Medium | 0.37 | 6.8 | 0.00 | | Dec 7, 2024 | The Library Management System – Manage e-Digital Books Library plugin for WordPress is vulnerable to SQL Injection via the 'value' parameter of the owt_lib_handler AJAX action in all versions up to, and including, 3.1 due to insufficient escaping on the user supplied… |
| CVE-2024-12406 | | Medium | 0.35 | 6.5 | 0.00 | | Dec 12, 2024 | The Library Management System – Manage e-Digital Books Library plugin for WordPress is vulnerable to SQL Injection via the 'owt7_borrow_books_id' parameter in all versions up to, and including, 3.2.0 due to insufficient escaping on the user supplied parameter and lack of… |
| CVE-2007-3325 | | | 0.08 | — | 0.64 | | Jun 21, 2007 | PHP remote file inclusion vulnerability in lib/language.php in LAN Management System (LMS) 1.9.6 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the _LIB_DIR parameter, a different vector than CVE-2007-1643 and CVE-2007-2205. |
| CVE-2022-29009 | | | 0.07 | — | 0.21 | | May 11, 2022 | Multiple SQL injection vulnerabilities via the username and password parameters in the Admin panel of Cyber Cafe Management System Project v1.0 allows attackers to bypass authentication. |
| CVE-2024-48594 | | | 0.06 | — | 0.03 | | Oct 28, 2024 | File Upload vulnerability in Prison Management System v.1.0 allows a remote attacker to execute arbitrary code via the file upload component. |
| CVE-2018-18793 | | | 0.04 | — | 0.10 | | Nov 16, 2018 | School Event Management System 1.0 allows Arbitrary File Upload via event/controller.php?action=photos. |
| CVE-2007-1643 | | | 0.04 | — | 0.11 | | Mar 24, 2007 | Multiple PHP remote file inclusion vulnerabilities in LAN Management System (LMS) 1.8.9 Vala and earlier allow remote attackers to execute arbitrary PHP code via a URL in (1) the CONFIG[directories][userpanel_dir] parameter to userpanel.php or the (2) _LIB_DIR parameter to… |
| CVE-2007-2205 | | | 0.03 | — | 0.03 | | Apr 24, 2007 | PHP remote file inclusion vulnerability in modules/rtmessageadd.php in LAN Management System (LMS) 1.5.3, and possibly 1.5.4, allows remote attackers to execute arbitrary PHP code via a URL in the _LIB_DIR parameter, a different vector than CVE-2007-1643. |
| CVE-2004-1844 | | | 0.03 | — | 0.02 | | Dec 31, 2004 | Cross-site scripting (XSS) vulnerability in Member Management System 2.1 allows remote attackers to inject arbitrary web script or HTML via (1) the err parameter to error.asp or (2) register.asp. |
| CVE-2023-24317 | | | 0.01 | — | 0.02 | | Feb 23, 2023 | Judging Management System 1.0 was discovered to contain an arbitrary file upload vulnerability via the component edit_organizer.php. |
| CVE-2026-40456 | | | 0.00 | — | 0.01 | | Jun 18, 2026 | An OS Command Injection vulnerability exists in LMS (LAN Management System) before commit 9fcb4de due to an IP address parameter being passed to the "exec()" function without proper validation, allowing attackers to execute arbitrary operating system commands. |
| CVE-2026-40455 | | | 0.00 | — | 0.00 | | Jun 18, 2026 | An SQL Injection vulnerability exists in LMS (LAN Management System) before commit 4cb30a7 within the "tarifflist.php" module due to insufficient sanitization of the POST "tg[]" parameter. The application directly concatenates user-supplied array values into an SQL query using… |
| CVE-2025-70890 | | | 0.00 | — | 0.00 | | Jan 15, 2026 | A stored cross-site scripting (XSS) vulnerability exists in Cyber Cafe Management System v1.0. An authenticated attacker can inject arbitrary JavaScript code into the username parameter via the add-users.php endpoint. The injected payload is stored and executed in the victim's… |
| CVE-2025-63534 | | | 0.00 | — | 0.00 | | Dec 1, 2025 | A cross-site scripting (XSS) vulnerability exists in the Blood Bank Management System 1.0 within the login.php component. The application fails to properly sanitize or encode user-supplied input before rendering it in response. An attacker can inject malicious JavaScript… |
| CVE-2025-63525 | | | 0.00 | — | 0.00 | | Dec 1, 2025 | An issue was discovered in Blood Bank Management System 1.0 allowing authenticated attackers to perform actions with escalated privileges via crafted request to delete.php. |
| CVE-2025-63533 | | | 0.00 | — | 0.00 | | Dec 1, 2025 | A cross-site scripting (XSS) vulnerability exists in the Blood Bank Management System 1.0 within the updateprofile.php and rprofile.php components. The application fails to properly sanitize or encode user-supplied input before rendering it in response. An attacker can inject… |
| CVE-2025-63531 | | | 0.00 | — | 0.01 | | Dec 1, 2025 | A SQL injection vulnerability exists in the Blood Bank Management System 1.0 within the receiverLogin.php component. The application fails to properly sanitize user-supplied input in SQL queries, allowing an attacker to inject arbitrary SQL code. By manipulating the remail and… |