Vendor CVEs
Lan Management System
All CVEs
88 total · sorted by risk

| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2018-18793 | | Cri | 0.67 | 9.8 | 0.10 | | Nov 16, 2018 | School Event Management System 1.0 allows Arbitrary File Upload via event/controller.php?action=photos. |
| CVE-2022-30887 | | Cri | 0.66 | 9.8 | 0.25 | | May 20, 2022 | Pharmacy Management System v1.0 was discovered to contain a remote code execution (RCE) vulnerability via the component /php_action/editProductImage.php. This vulnerability allows attackers to execute arbitrary code via a crafted image file. |
| CVE-2022-29009 | | Cri | 0.65 | 9.8 | 0.21 | | May 11, 2022 | Multiple SQL injection vulnerabilities via the username and password parameters in the Admin panel of Cyber Cafe Management System Project v1.0 allows attackers to bypass authentication. |
| CVE-2023-51951 | | Cri | 0.64 | 9.8 | 0.01 | | Feb 5, 2024 | SQL Injection vulnerability in Stock Management System 1.0 allows a remote attacker to execute arbitrary code via the id parameter in the manage_bo.php file. |
| CVE-2023-24643 | | Cri | 0.64 | 9.8 | 0.01 | | Mar 3, 2023 | Judging Management System v1.0 was discovered to contain a SQL injection vulnerability via the sid parameter at /php-jms/updateBlankTxtview.php. |
| CVE-2023-24642 | | Cri | 0.64 | 9.8 | 0.01 | | Mar 3, 2023 | Judging Management System v1.0 was discovered to contain a SQL injection vulnerability via the sid parameter at /php-jms/updateTxtview.php. |
| CVE-2023-24641 | | Cri | 0.64 | 9.8 | 0.01 | | Mar 3, 2023 | Judging Management System v1.0 was discovered to contain a SQL injection vulnerability via the sid parameter at /php-jms/updateview.php. |
| CVE-2022-36713 | | Cri | 0.64 | 9.8 | 0.01 | | Aug 30, 2022 | Library Management System v1.0 was discovered to contain a SQL injection vulnerability via the Section parameter at /librarian/lab.php. |
| CVE-2022-36711 | | Cri | 0.64 | 9.8 | 0.01 | | Aug 30, 2022 | Library Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /staff/bookdetails.php. |
| CVE-2022-34954 | | Cri | 0.64 | 9.8 | 0.01 | | Aug 2, 2022 | Pharmacy Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at invoiceprint.php. |
| CVE-2022-34952 | | Cri | 0.64 | 9.8 | 0.01 | | Aug 2, 2022 | Pharmacy Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at edituser.php. |
| CVE-2022-34951 | | Cri | 0.64 | 9.8 | 0.01 | | Aug 2, 2022 | Pharmacy Management System v1.0 was discovered to contain a SQL injection vulnerability via the startDate parameter at getsalereport.php. |
| CVE-2022-34948 | | Cri | 0.64 | 9.8 | 0.01 | | Aug 2, 2022 | Pharmacy Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at editbrand.php. |
| CVE-2022-34947 | | Cri | 0.64 | 9.8 | 0.01 | | Aug 2, 2022 | Pharmacy Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at editcategory.php. |
| CVE-2022-34946 | | Cri | 0.64 | 9.8 | 0.01 | | Aug 2, 2022 | Pharmacy Management System v1.0 was discovered to contain a SQL injection vulnerability via the startDate parameter at getexpproduct.php. |
| CVE-2022-34945 | | Cri | 0.64 | 9.8 | 0.01 | | Aug 2, 2022 | Pharmacy Management System v1.0 was discovered to contain a SQL injection vulnerability via the startDate parameter at getproductreport.php. |
| CVE-2021-41661 | | Cri | 0.64 | 9.8 | 0.01 | | Jun 13, 2022 | Church Management System version 1.0 is affected by a SQL injection vulnerability through creating a user with a PHP file as an avatar image, which is accessible through the /uploads directory. This can lead to RCE on the web server by uploading a PHP webshell. |
| CVE-2022-29656 | | Cri | 0.64 | 9.8 | 0.01 | | May 11, 2022 | Wedding Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /Wedding-Management/package_detail.php. |
| CVE-2021-45003 | | Cri | 0.64 | 9.8 | 0.03 | | Jan 10, 2022 | Laundry Booking Management System 1.0 (Latest) and previous versions are affected by a remote code execution (RCE) vulnerability in profile.php through the "image" parameter that can execute a webshell payload. |
| CVE-2018-18796 | | Cri | 0.64 | 9.8 | 0.02 | | Nov 16, 2018 | Library Management System 1.0 has SQL Injection via the "Search for Books" screen. |
| CVE-2024-36840 | | Cri | 0.60 | 9.1 | 0.02 | | Jun 12, 2024 | SQL Injection vulnerability in Boelter Blue System Management v.1.3 allows a remote attacker to execute arbitrary code and obtain sensitive information via the id parameter to news_details.php and location_details.php; and the section parameter to services.php. |
| CVE-2020-36071 | | Hig | 0.57 | 8.8 | 0.01 | | Apr 6, 2023 | SQL injection vulnerability found in Tailor Management System v.1 allows a remote authenticated attacker to execute arbitrary code via the customer parameter of the email.php page. |
| CVE-2022-32396 | | Hig | 0.57 | 8.8 | 0.01 | | Jun 24, 2022 | Prison Management System v1.0 was discovered to contain a SQL injection vulnerability via the 'id' parameter at /pms/admin/visits/manage_visit.php:4 |
| CVE-2022-32395 | | Hig | 0.57 | 8.8 | 0.01 | | Jun 24, 2022 | Prison Management System v1.0 was discovered to contain a SQL injection vulnerability via the 'id' parameter at /pms/admin/crimes/manage_crime.php:4 |
| CVE-2022-32393 | | Hig | 0.57 | 8.8 | 0.01 | | Jun 24, 2022 | Prison Management System v1.0 was discovered to contain a SQL injection vulnerability via the 'id' parameter at /pms/admin/cells/view_cell.php:4 |
| CVE-2022-50805 | | Hig | 0.53 | 8.2 | 0.00 | | Jan 13, 2026 | Senayan Library Management System 9.0.0 contains a SQL injection vulnerability in the 'class' parameter that allows attackers to inject malicious SQL queries. Attackers can exploit the vulnerability by submitting crafted payloads to manipulate database queries and potentially… |
| CVE-2023-24317 | | Hig | 0.53 | 8.1 | 0.02 | | Feb 23, 2023 | Judging Management System 1.0 was discovered to contain an arbitrary file upload vulnerability via the component edit_organizer.php. |
| CVE-2023-44824 | | Hig | 0.51 | 7.8 | 0.00 | | Oct 17, 2023 | An issue in Expense Management System v.1.0 allows a local attacker to execute arbitrary code via a crafted file uploaded to the sign-up.php component. |
| CVE-2019-12391 | | Hig | 0.49 | 7.5 | 0.01 | | Dec 2, 2019 | The Anviz Management System for access control has insufficient logging for device events such as door open requests. |
| CVE-2023-31937 | | Hig | 0.47 | 7.2 | 0.01 | | Jul 28, 2023 | SQL injection vulnerability found in Rail Pass Management System v.1.0 allows a remote attacker to execute arbitrary code via the editid parameter of the edit-cateogry-detail.php file. |
| CVE-2023-31932 | | Hig | 0.47 | 7.2 | 0.01 | | Jul 28, 2023 | SQL injection vulnerability found in Rail Pass Management System v.1.0 allows a remote attacker to execute arbitrary code via the viewid parameter of the view-enquiry.php file. |
| CVE-2022-43330 | | Hig | 0.47 | 7.2 | 0.01 | | Nov 1, 2022 | Canteen Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /editorder.php. |
| CVE-2022-36582 | | Hig | 0.47 | 7.2 | 0.01 | | Aug 31, 2022 | An arbitrary file upload vulnerability in the component /php_action/createProduct.php of Garage Management System v1.0 allows attackers to execute arbitrary code via a crafted PHP file. |
| CVE-2025-67437 | | Med | 0.42 | 6.5 | 0.00 | | May 15, 2026 | Medical Management System a81df1ce700a9662cb136b27af47f4cbde64156b is vulnerable to Insecure Permissions, which allows arbitrary user password reset. |
| CVE-2022-29008 | | Med | 0.42 | 6.5 | 0.01 | | May 11, 2022 | An insecure direct object reference (IDOR) vulnerability in the viewid parameter of Bus Pass Management System v1.0 allows attackers to access sensitive information. |
| CVE-2022-46622 | | Med | 0.40 | 6.1 | 0.01 | | Jan 12, 2023 | A cross-site scripting (XSS) vulnerability in Judging Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the firstname parameter. |
| CVE-2022-45225 | | Med | 0.40 | 6.1 | 0.00 | | Nov 25, 2022 | Book Store Management System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability in /bsms_ci/index.php/book. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the book_title parameter. |
| CVE-2022-25575 | | Med | 0.40 | 6.1 | 0.01 | | Mar 24, 2022 | Multiple cross-site scripting (XSS) vulnerabilities in Parking Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via crafted payloads injected into the user name, password, and verification code text boxes. |
| CVE-2024-8679 | | Med | 0.37 | 6.8 | 0.00 | | Dec 7, 2024 | The Library Management System – Manage e-Digital Books Library plugin for WordPress is vulnerable to SQL Injection via the 'value' parameter of the owt_lib_handler AJAX action in all versions up to, and including, 3.1 due to insufficient escaping on the user supplied… |
| CVE-2024-12406 | | Med | 0.35 | 6.5 | 0.00 | | Dec 12, 2024 | The Library Management System – Manage e-Digital Books Library plugin for WordPress is vulnerable to SQL Injection via the 'owt7_borrow_books_id' parameter in all versions up to, and including, 3.2.0 due to insufficient escaping on the user supplied parameter and lack of… |
| CVE-2022-31914 | | Med | 0.35 | 5.4 | 0.00 | | Jun 16, 2022 | Zoo Management System v1.0 is vulnerable to Cross Site Scripting (XSS) via zms/admin/public_html/save_animal?an_id=24. |
| CVE-2023-41614 | | Med | 0.31 | 4.8 | 0.00 | | Sep 21, 2023 | A stored cross-site scripting (XSS) vulnerability in the Add Animal Details function of Zoo Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Description of Animal parameter. |
| CVE-2023-31934 | | Med | 0.31 | 4.8 | 0.00 | | Jul 28, 2023 | Cross Site Scripting vulnerability found in Rail Pass Management System v.1.0 allows a remote attacker to obtain sensitive information via the adminname parameter of admin-profile.php. |
| CVE-2023-24232 | | Med | 0.31 | 4.8 | 0.00 | | Feb 10, 2023 | A stored cross-site scripting (XSS) vulnerability in the component /php-inventory-management-system/product.php of Inventory Management System v1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Product Name parameter. |
| CVE-2022-1837 | | Med | 0.31 | 4.7 | 0.01 | | May 24, 2022 | A vulnerability was found in Home Clean Services Management System 1.0. It has been rated as critical. Affected by this issue is register.php?link=registerand. The manipulation with the input `<?php phpinfo();?>` leads to code execution. The attack may be launched remotely but… |
| CVE-2021-4232 | | Low | 0.23 | 3.5 | 0.00 | | May 26, 2022 | A vulnerability classified as problematic has been found in Zoo Management System 1.0. Affected is an unknown function of the file admin/manage-ticket.php. The manipulation with the input leads to cross site scripting. It is possible to launch the… |
| CVE-2022-1816 | | Low | 0.23 | 3.5 | 0.01 | | May 23, 2022 | A vulnerability, which was classified as problematic, has been found in Zoo Management System 1.0. Affected by this issue is /zoo/admin/public_html/view_accounts?type=zookeeper of the content module. The manipulation of the argument admin_name with the input… |
| CVE-2007-3325 | | | 0.08 | — | 0.64 | | Jun 21, 2007 | PHP remote file inclusion vulnerability in lib/language.php in LAN Management System (LMS) 1.9.6 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the _LIB_DIR parameter, a different vector than CVE-2007-1643 and CVE-2007-2205. |
| CVE-2024-48594 | | | 0.06 | — | 0.03 | | Oct 28, 2024 | File Upload vulnerability in Prison Management System v.1.0 allows a remote attacker to execute arbitrary code via the file upload component. |
| CVE-2007-1643 | | | 0.04 | — | 0.11 | | Mar 24, 2007 | Multiple PHP remote file inclusion vulnerabilities in LAN Management System (LMS) 1.8.9 Vala and earlier allow remote attackers to execute arbitrary PHP code via a URL in (1) the CONFIG[directories][userpanel_dir] parameter to userpanel.php or the (2) _LIB_DIR parameter to… |
Page 1 of 2