Vendor CVEs
Lan Management System
All CVEs
88 total · sorted by risk

| CVE | Risk | CVSS | EPSS | Published | Description | Vendor / Product | Sev | KEV |
|---|---|---|---|---|---|---|---|---|
| CVE-2007-2205 | 0.03 | — | 0.03 | Apr 24, 2007 | PHP remote file inclusion vulnerability in modules/rtmessageadd.php in LAN Management System (LMS) 1.5.3, and possibly 1.5.4, allows remote attackers to execute arbitrary PHP code via a URL in the _LIB_DIR parameter, a different vector than CVE-2007-1643. | |||
| CVE-2004-1844 | 0.03 | — | 0.02 | Dec 31, 2004 | Cross-site scripting (XSS) vulnerability in Member Management System 2.1 allows remote attackers to inject arbitrary web script or HTML via (1) the err parameter to error.asp or (2) register.asp. | |||
| CVE-2026-40456 | 0.00 | — | 0.01 | Jun 18, 2026 | An OS Command Injection vulnerability exists in LMS (LAN Management System) before commit 9fcb4de due to an IP address parameter being passed to the "exec()" function without proper validation, allowing attackers to execute arbitrary operating system commands. | |||
| CVE-2026-40455 | 0.00 | — | 0.00 | Jun 18, 2026 | An SQL Injection vulnerability exists in LMS (LAN Management System) before commit 4cb30a7 within the "tarifflist.php" module due to insufficient sanitization of the POST "tg[]" parameter. The application directly concatenates user-supplied array values into an SQL query using… | |||
| CVE-2025-70890 | 0.00 | — | 0.00 | Jan 15, 2026 | A stored cross-site scripting (XSS) vulnerability exists in Cyber Cafe Management System v1.0. An authenticated attacker can inject arbitrary JavaScript code into the username parameter via the add-users.php endpoint. The injected payload is stored and executed in the victim s… | |||
| CVE-2025-63529 | 0.00 | — | 0.00 | Dec 1, 2025 | A session fixation vulnerability exists in Blood Bank Management System 1.0 in login.php that allows an attacker to set or predict a user's session identifier prior to authentication. When the victim logs in, the application continues to use the attacker-supplied session ID… | |||
| CVE-2025-63533 | 0.00 | — | 0.00 | Dec 1, 2025 | A cross-site scripting (XSS) vulnerability exists in the Blood Bank Management System 1.0 within the updateprofile.php and rprofile.php components. The application fails to properly sanitize or encode user-supplied input before rendering it in response. An attacker can inject… | |||
| CVE-2025-63525 | 0.00 | — | 0.00 | Dec 1, 2025 | An issue was discovered in Blood Bank Management System 1.0 allowing authenticated attackers to perform actions with escalated privileges via crafted request to delete.php. | |||
| CVE-2025-63531 | 0.00 | — | 0.01 | Dec 1, 2025 | A SQL injection vulnerability exists in the Blood Bank Management System 1.0 within the receiverLogin.php component. The application fails to properly sanitize user-supplied input in SQL queries, allowing an attacker to inject arbitrary SQL code. By manipulating the remail and… | |||
| CVE-2025-63527 | 0.00 | — | 0.00 | Dec 1, 2025 | A cross-site scripting (XSS) vulnerability exists in the Blood Bank Management System 1.0 within the updateprofile.php and hprofile.php components. The application fails to properly sanitize or encode user-supplied input before rendering it in response. An attacker can inject… | |||
| CVE-2025-63535 | 0.00 | — | 0.00 | Dec 1, 2025 | A SQL injection vulnerability exists in the Blood Bank Management System 1.0 within the abs.php component. The application fails to properly sanitize user-supplied input in SQL queries, allowing an attacker to inject arbitrary SQL code. By manipulating the search field, an… | |||
| CVE-2025-63534 | 0.00 | — | 0.00 | Dec 1, 2025 | A cross-site scripting (XSS) vulnerability exists in the Blood Bank Management System 1.0 within the login.php component. The application fails to properly sanitize or encode user-supplied input before rendering it in response. An attacker can inject malicious JavaScript… | |||
| CVE-2025-63446 | 0.00 | — | 0.00 | Nov 3, 2025 | Water Management System v1.0 is vulnerable to Cross Site Scripting (XSS) in /add_vendor.php. | |||
| CVE-2025-63443 | 0.00 | — | 0.00 | Nov 3, 2025 | School Management System PHP v1.0 is vulnerable to Cross Site Scripting (XSS) in /login.php via the password parameter. | |||
| CVE-2025-63447 | 0.00 | — | 0.00 | Nov 3, 2025 | Water Management System v1.0 is vulnerable to Cross Site Scripting (XSS) in /add_customer.php. | |||
| CVE-2025-63448 | 0.00 | — | 0.00 | Nov 3, 2025 | Water Management System v1.0 is vulnerable to Cross Site Scripting (XSS) in /edit_product.php?id=1. | |||
| CVE-2023-44755 | 0.00 | — | 0.00 | Apr 22, 2025 | Sacco Management system v1.0 was discovered to contain a SQL injection vulnerability via the password parameter at /sacco/ajax.php. | |||
| CVE-2025-29456 | 0.00 | — | 0.00 | Apr 17, 2025 | An issue in personal-management-system Personal Management System 1.4.65 allows a remote attacker to obtain sensitive information via the create Notes function. | |||
| CVE-2025-29453 | 0.00 | — | 0.00 | Apr 17, 2025 | An issue in personal-management-system Personal Management System 1.4.65 allows a remote attacker to obtain sensitive information via the my-contacts-settings component. | |||
| CVE-2025-29454 | 0.00 | — | 0.00 | Apr 17, 2025 | An issue in personal-management-system Personal Management System 1.4.65 allows a remote attacker to obtain sensitive information via the Upload function. | |||
| CVE-2025-29455 | 0.00 | — | 0.00 | Apr 17, 2025 | An issue in personal-management-system Personal Management System 1.4.65 allows a remote attacker to obtain sensitive information via the "Travel Ideas" function. | |||
| CVE-2024-48245 | 0.00 | — | 0.01 | Jan 7, 2025 | Vehicle Management System 1.0 is vulnerable to SQL Injection. A guest user can exploit vulnerable POST parameters in various administrative actions, such as booking a vehicle or confirming a booking. The affected parameters include "Booking ID", "Action Name", and "Payment… | |||
| CVE-2024-48570 | 0.00 | — | 0.01 | Oct 22, 2024 | Client Management System 1.0 was discovered to contain a SQL injection vulnerability via the Between Dates Reports parameter at /admin/bwdates-reports-ds.php. | |||
| CVE-2024-42572 | 0.00 | — | 0.01 | Aug 20, 2024 | School Management System commit bae5aa was discovered to contain a SQL injection vulnerability via the medium parameter at unitmarks.php. | |||
| CVE-2024-42575 | 0.00 | — | 0.01 | Aug 20, 2024 | School Management System commit bae5aa was discovered to contain a SQL injection vulnerability via the medium parameter at substaff.php. | |||
| CVE-2024-42574 | 0.00 | — | 0.01 | Aug 20, 2024 | School Management System commit bae5aa was discovered to contain a SQL injection vulnerability via the medium parameter at attendance.php. | |||
| CVE-2024-42567 | 0.00 | — | 0.01 | Aug 20, 2024 | School Management System commit bae5aa was discovered to contain a SQL injection vulnerability via the sid parameter at /search.php?action=2. | |||
| CVE-2024-42571 | 0.00 | — | 0.01 | Aug 20, 2024 | School Management System commit bae5aa was discovered to contain a SQL injection vulnerability via the medium parameter at insertattendance.php. | |||
| CVE-2024-42569 | 0.00 | — | 0.01 | Aug 20, 2024 | School Management System commit bae5aa was discovered to contain a SQL injection vulnerability via the medium parameter at paidclass.php. | |||
| CVE-2024-33994 | 0.00 | — | 0.00 | Aug 6, 2024 | Cross-Site Scripting (XSS) vulnerability in School Event Management System affecting version 1.0. An attacker could create a specially crafted URL and send it to a victim to obtain their session details via the 'view' parameter in '/event/index.php'. | |||
| CVE-2024-33988 | 0.00 | — | 0.00 | Aug 6, 2024 | Cross-Site Scripting (XSS) vulnerability in School Attendance Monitoring System and School Event Management System affecting version 1.0. An attacker could create a specially crafted URL and send it to a victim to obtain details of their session cookie via the 'Attendance',… | |||
| CVE-2024-33986 | 0.00 | — | 0.00 | Aug 6, 2024 | Cross-Site Scripting (XSS) vulnerability in School Attendance Monitoring System and School Event Management System affecting version 1.0. An attacker could create a specially crafted URL and send it to a victim to obtain details of their session cookie via the 'View' parameter… | |||
| CVE-2024-33982 | 0.00 | — | 0.00 | Aug 6, 2024 | Cross-Site Scripting (XSS) vulnerability in School Attendance Monitoring System and School Event Management System affecting version 1.0. An attacker could create a specially crafted URL and send it to a victim to obtain details of their session cookie via the 'StudentID'… | |||
| CVE-2024-28613 | 0.00 | — | 0.01 | Apr 24, 2024 | SQL Injection vulnerability in PHP Task Management System v.1.0 allows a remote attacker to escalate privileges and obtain sensitive information via the task_id parameter of the task-details.php, and edit-task.php component. | |||
| CVE-2024-30979 | 0.00 | — | 0.01 | Apr 17, 2024 | Cross Site Scripting vulnerability in Cyber Cafe Management System 1.0 allows a remote attacker to execute arbitrary code via the compname parameter in edit-computer-details.php. | |||
| CVE-2010-4896 | 0.00 | — | 0.01 | Oct 8, 2011 | Cross-site scripting (XSS) vulnerability in admin/index.asp in Member Management System 4.0 allows remote attackers to inject arbitrary web script or HTML via the REF_URL parameter. | |||
| CVE-2007-2198 | 0.00 | — | 0.01 | Apr 24, 2007 | Cross-site scripting (XSS) vulnerability in LAN Management System (LMS) before 1.6.9 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, probably involving the OD parameter to contrib/formularz_przelewu_wplaty/druk.php. | |||
| CVE-2006-0886 | 0.00 | — | 0.01 | Feb 25, 2006 | Cross-site scripting (XSS) vulnerability in register.php in DEV web management system 1.5 allows remote attackers to inject arbitrary web script or HTML via the "City/Region" field (mesto variable). NOTE: the provenance of this information is unknown; the details are obtained… |