LAN Management System

All CVEs

88 total · sorted by risk
  • CVE-2018-18793 · Critical · Nov 16, 2018
    risk 0.67 · cvss 9.8 · epss 0.10

    School Event Management System 1.0 allows Arbitrary File Upload via event/controller.php?action=photos.

  • CVE-2022-30887 · Critical · May 20, 2022
    risk 0.66 · cvss 9.8 · epss 0.25

    Pharmacy Management System v1.0 was discovered to contain a remote code execution (RCE) vulnerability via the component /php_action/editProductImage.php. This vulnerability allows attackers to execute arbitrary code via a crafted image file.

  • CVE-2022-29009 · Critical · May 11, 2022
    risk 0.65 · cvss 9.8 · epss 0.21

    Multiple SQL injection vulnerabilities via the username and password parameters in the Admin panel of Cyber Cafe Management System Project v1.0 allow attackers to bypass authentication.

  • CVE-2023-51951 · Critical · Feb 5, 2024
    risk 0.64 · cvss 9.8 · epss 0.01

    SQL Injection vulnerability in Stock Management System 1.0 allows a remote attacker to execute arbitrary code via the id parameter in the manage_bo.php file.

  • CVE-2023-24643 · Critical · Mar 3, 2023
    risk 0.64 · cvss 9.8 · epss 0.01

    Judging Management System v1.0 was discovered to contain a SQL injection vulnerability via the sid parameter at /php-jms/updateBlankTxtview.php.

  • CVE-2023-24642 · Critical · Mar 3, 2023
    risk 0.64 · cvss 9.8 · epss 0.01

    Judging Management System v1.0 was discovered to contain a SQL injection vulnerability via the sid parameter at /php-jms/updateTxtview.php.

  • CVE-2023-24641 · Critical · Mar 3, 2023
    risk 0.64 · cvss 9.8 · epss 0.01

    Judging Management System v1.0 was discovered to contain a SQL injection vulnerability via the sid parameter at /php-jms/updateview.php.

  • CVE-2022-36713 · Critical · Aug 30, 2022
    risk 0.64 · cvss 9.8 · epss 0.01

    Library Management System v1.0 was discovered to contain a SQL injection vulnerability via the Section parameter at /librarian/lab.php.

  • CVE-2022-36711 · Critical · Aug 30, 2022
    risk 0.64 · cvss 9.8 · epss 0.01

    Library Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /staff/bookdetails.php.

  • CVE-2022-34954 · Critical · Aug 2, 2022
    risk 0.64 · cvss 9.8 · epss 0.01

    Pharmacy Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at invoiceprint.php.

  • CVE-2022-34952 · Critical · Aug 2, 2022
    risk 0.64 · cvss 9.8 · epss 0.01

    Pharmacy Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at edituser.php.

  • CVE-2022-34951 · Critical · Aug 2, 2022
    risk 0.64 · cvss 9.8 · epss 0.01

    Pharmacy Management System v1.0 was discovered to contain a SQL injection vulnerability via the startDate parameter at getsalereport.php.

  • CVE-2022-34948 · Critical · Aug 2, 2022
    risk 0.64 · cvss 9.8 · epss 0.01

    Pharmacy Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at editbrand.php.

  • CVE-2022-34947 · Critical · Aug 2, 2022
    risk 0.64 · cvss 9.8 · epss 0.01

    Pharmacy Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at editcategory.php.

  • CVE-2022-34946 · Critical · Aug 2, 2022
    risk 0.64 · cvss 9.8 · epss 0.01

    Pharmacy Management System v1.0 was discovered to contain a SQL injection vulnerability via the startDate parameter at getexpproduct.php.

  • CVE-2022-34945 · Critical · Aug 2, 2022
    risk 0.64 · cvss 9.8 · epss 0.01

    Pharmacy Management System v1.0 was discovered to contain a SQL injection vulnerability via the startDate parameter at getproductreport.php.

  • CVE-2021-41661 · Critical · Jun 13, 2022
    risk 0.64 · cvss 9.8 · epss 0.01

    Church Management System version 1.0 is affected by a SQL injection vulnerability through creating a user with a PHP file as an avatar image, which is accessible through the /uploads directory. This can lead to RCE on the web server by uploading a PHP webshell.

  • CVE-2022-29656 · Critical · May 11, 2022
    risk 0.64 · cvss 9.8 · epss 0.01

    Wedding Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /Wedding-Management/package_detail.php.

  • CVE-2021-45003 · Critical · Jan 10, 2022
    risk 0.64 · cvss 9.8 · epss 0.03

    Laundry Booking Management System 1.0 (Latest) and previous versions are affected by a remote code execution (RCE) vulnerability in profile.php through the "image" parameter that can execute a webshell payload.

  • CVE-2018-18796 · Critical · Nov 16, 2018
    risk 0.64 · cvss 9.8 · epss 0.02

    Library Management System 1.0 has SQL Injection via the "Search for Books" screen.

  • CVE-2024-36840 · Critical · Jun 12, 2024
    risk 0.60 · cvss 9.1 · epss 0.02

    SQL Injection vulnerability in Boelter Blue System Management v.1.3 allows a remote attacker to execute arbitrary code and obtain sensitive information via the id parameter to news_details.php and location_details.php; and the section parameter to services.php.

  • CVE-2020-36071 · High · Apr 6, 2023
    risk 0.57 · cvss 8.8 · epss 0.01

    SQL injection vulnerability found in Tailor Management System v.1 allows a remote authenticated attacker to execute arbitrary code via the customer parameter of the email.php page.

  • CVE-2022-32396 · High · Jun 24, 2022
    risk 0.57 · cvss 8.8 · epss 0.01

    Prison Management System v1.0 was discovered to contain a SQL injection vulnerability via the 'id' parameter at /pms/admin/visits/manage_visit.php:4

  • CVE-2022-32395 · High · Jun 24, 2022
    risk 0.57 · cvss 8.8 · epss 0.01

    Prison Management System v1.0 was discovered to contain a SQL injection vulnerability via the 'id' parameter at /pms/admin/crimes/manage_crime.php:4

  • CVE-2022-32393 · High · Jun 24, 2022
    risk 0.57 · cvss 8.8 · epss 0.01

    Prison Management System v1.0 was discovered to contain a SQL injection vulnerability via the 'id' parameter at /pms/admin/cells/view_cell.php:4

  • CVE-2022-50805 · High · Jan 13, 2026
    risk 0.53 · cvss 8.2 · epss 0.00

    Senayan Library Management System 9.0.0 contains a SQL injection vulnerability in the 'class' parameter that allows attackers to inject malicious SQL queries. Attackers can exploit the vulnerability by submitting crafted payloads to manipulate database queries and potentially…

  • CVE-2023-24317 · High · Feb 23, 2023
    risk 0.53 · cvss 8.1 · epss 0.02

    Judging Management System 1.0 was discovered to contain an arbitrary file upload vulnerability via the component edit_organizer.php.

  • CVE-2023-44824 · High · Oct 17, 2023
    risk 0.51 · cvss 7.8 · epss 0.00

    An issue in Expense Management System v.1.0 allows a local attacker to execute arbitrary code via a crafted file uploaded to the sign-up.php component.

  • CVE-2019-12391 · High · Dec 2, 2019
    risk 0.49 · cvss 7.5 · epss 0.01

    The Anviz Management System for access control has insufficient logging for device events such as door open requests.

  • CVE-2023-31937 · High · Jul 28, 2023
    risk 0.47 · cvss 7.2 · epss 0.01

    SQL injection vulnerability found in Rail Pass Management System v.1.0 allows a remote attacker to execute arbitrary code via the editid parameter of the edit-cateogry-detail.php file.

  • CVE-2023-31932 · High · Jul 28, 2023
    risk 0.47 · cvss 7.2 · epss 0.01

    SQL injection vulnerability found in Rail Pass Management System v.1.0 allows a remote attacker to execute arbitrary code via the viewid parameter of the view-enquiry.php file.

  • CVE-2022-43330 · High · Nov 1, 2022
    risk 0.47 · cvss 7.2 · epss 0.01

    Canteen Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /editorder.php.

  • CVE-2022-36582 · High · Aug 31, 2022
    risk 0.47 · cvss 7.2 · epss 0.01

    An arbitrary file upload vulnerability in the component /php_action/createProduct.php of Garage Management System v1.0 allows attackers to execute arbitrary code via a crafted PHP file.

  • CVE-2025-67437 · Medium · May 15, 2026
    risk 0.42 · cvss 6.5 · epss 0.00

    Medical Management System a81df1ce700a9662cb136b27af47f4cbde64156b is vulnerable to Insecure Permissions, which allows arbitrary user password reset.

  • CVE-2022-29008 · Medium · May 11, 2022
    risk 0.42 · cvss 6.5 · epss 0.01

    An insecure direct object reference (IDOR) vulnerability in the viewid parameter of Bus Pass Management System v1.0 allows attackers to access sensitive information.

  • CVE-2022-46622 · Medium · Jan 12, 2023
    risk 0.40 · cvss 6.1 · epss 0.01

    A cross-site scripting (XSS) vulnerability in Judging Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the firstname parameter.

  • CVE-2022-45225 · Medium · Nov 25, 2022
    risk 0.40 · cvss 6.1 · epss 0.00

    Book Store Management System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability in /bsms_ci/index.php/book. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the book_title parameter.

  • CVE-2022-25575 · Medium · Mar 24, 2022
    risk 0.40 · cvss 6.1 · epss 0.01

    Multiple cross-site scripting (XSS) vulnerabilities in Parking Management System v1.0 allow attackers to execute arbitrary web scripts or HTML via crafted payloads injected into the user name, password, and verification code text boxes.

  • CVE-2024-8679 · Medium · Dec 7, 2024
    risk 0.37 · cvss 6.8 · epss 0.00

    The Library Management System – Manage e-Digital Books Library plugin for WordPress is vulnerable to SQL Injection via the 'value' parameter of the owt_lib_handler AJAX action in all versions up to, and including, 3.1 due to insufficient escaping on the user supplied…

  • CVE-2024-12406 · Medium · Dec 12, 2024
    risk 0.35 · cvss 6.5 · epss 0.00

    The Library Management System – Manage e-Digital Books Library plugin for WordPress is vulnerable to SQL Injection via the 'owt7_borrow_books_id' parameter in all versions up to, and including, 3.2.0 due to insufficient escaping on the user supplied parameter and lack of…

  • CVE-2022-31914 · Medium · Jun 16, 2022
    risk 0.35 · cvss 5.4 · epss 0.00

    Zoo Management System v1.0 is vulnerable to Cross Site Scripting (XSS) via zms/admin/public_html/save_animal?an_id=24.

  • CVE-2023-41614 · Medium · Sep 21, 2023
    risk 0.31 · cvss 4.8 · epss 0.00

    A stored cross-site scripting (XSS) vulnerability in the Add Animal Details function of Zoo Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Description of Animal parameter.

  • CVE-2023-31934 · Medium · Jul 28, 2023
    risk 0.31 · cvss 4.8 · epss 0.00

    Cross Site Scripting vulnerability found in Rail Pass Management System v.1.0 allows a remote attacker to obtain sensitive information via the adminname parameter of admin-profile.php.

  • CVE-2023-24232 · Medium · Feb 10, 2023
    risk 0.31 · cvss 4.8 · epss 0.00

    A stored cross-site scripting (XSS) vulnerability in the component /php-inventory-management-system/product.php of Inventory Management System v1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Product Name parameter.

  • CVE-2022-1837 · Medium · May 24, 2022
    risk 0.31 · cvss 4.7 · epss 0.01

    A vulnerability was found in Home Clean Services Management System 1.0. It has been rated as critical. Affected by this issue is register.php?link=registerand. The manipulation with the input <?php phpinfo();?> leads to code execution. The attack may be launched remotely but…

  • CVE-2021-4232 · Low · May 26, 2022
    risk 0.23 · cvss 3.5 · epss 0.00

    A vulnerability classified as problematic has been found in Zoo Management System 1.0. Affected is an unknown function of the file admin/manage-ticket.php. The manipulation with the input leads to cross site scripting. It is possible to launch the…

  • CVE-2022-1816 · Low · May 23, 2022
    risk 0.23 · cvss 3.5 · epss 0.01

    A vulnerability, which was classified as problematic, has been found in Zoo Management System 1.0. Affected by this issue is /zoo/admin/public_html/view_accounts?type=zookeeper of the content module. The manipulation of the argument admin_name with the input…

  • CVE-2007-3325 · Jun 21, 2007
    risk 0.08 · cvss n/a · epss 0.64

    PHP remote file inclusion vulnerability in lib/language.php in LAN Management System (LMS) 1.9.6 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the _LIB_DIR parameter, a different vector than CVE-2007-1643 and CVE-2007-2205.

  • CVE-2024-48594 · Oct 28, 2024
    risk 0.06 · cvss n/a · epss 0.03

    File Upload vulnerability in Prison Management System v.1.0 allows a remote attacker to execute arbitrary code via the file upload component.

  • CVE-2007-1643 · Mar 24, 2007
    risk 0.04 · cvss n/a · epss 0.11

    Multiple PHP remote file inclusion vulnerabilities in LAN Management System (LMS) 1.8.9 Vala and earlier allow remote attackers to execute arbitrary PHP code via a URL in (1) the CONFIG[directories][userpanel_dir] parameter to userpanel.php or the (2) _LIB_DIR parameter to…

Page 1 of 2