Lan Management System

All CVEs

88 total · sorted by risk
  • CVE-2007-2205 · Apr 24, 2007
    risk 0.03 · cvss · epss 0.03

    PHP remote file inclusion vulnerability in modules/rtmessageadd.php in LAN Management System (LMS) 1.5.3, and possibly 1.5.4, allows remote attackers to execute arbitrary PHP code via a URL in the _LIB_DIR parameter, a different vector than CVE-2007-1643.

  • CVE-2004-1844 · Dec 31, 2004
    risk 0.03 · cvss · epss 0.02

    Cross-site scripting (XSS) vulnerability in Member Management System 2.1 allows remote attackers to inject arbitrary web script or HTML via (1) the err parameter to error.asp or (2) register.asp.

  • CVE-2026-40456 · Jun 18, 2026
    risk 0.00 · cvss · epss 0.01

    An OS Command Injection vulnerability exists in LMS (LAN Management System) before commit 9fcb4de due to an IP address parameter being passed to the "exec()" function without proper validation, allowing attackers to execute arbitrary operating system commands.

  • CVE-2026-40455 · Jun 18, 2026
    risk 0.00 · cvss · epss 0.00

    An SQL Injection vulnerability exists in LMS (LAN Management System) before commit 4cb30a7 within the "tarifflist.php" module due to insufficient sanitization of the POST "tg[]" parameter. The application directly concatenates user-supplied array values into an SQL query using…

  • CVE-2025-70890 · Jan 15, 2026
    risk 0.00 · cvss · epss 0.00

    A stored cross-site scripting (XSS) vulnerability exists in Cyber Cafe Management System v1.0. An authenticated attacker can inject arbitrary JavaScript code into the username parameter via the add-users.php endpoint. The injected payload is stored and executed in the victim's…

  • CVE-2025-63529 · Dec 1, 2025
    risk 0.00 · cvss · epss 0.00

    A session fixation vulnerability exists in Blood Bank Management System 1.0 in login.php that allows an attacker to set or predict a user's session identifier prior to authentication. When the victim logs in, the application continues to use the attacker-supplied session ID…

  • CVE-2025-63533 · Dec 1, 2025
    risk 0.00 · cvss · epss 0.00

    A cross-site scripting (XSS) vulnerability exists in the Blood Bank Management System 1.0 within the updateprofile.php and rprofile.php components. The application fails to properly sanitize or encode user-supplied input before rendering it in response. An attacker can inject…

  • CVE-2025-63525 · Dec 1, 2025
    risk 0.00 · cvss · epss 0.00

    An issue was discovered in Blood Bank Management System 1.0 allowing authenticated attackers to perform actions with escalated privileges via crafted request to delete.php.

  • CVE-2025-63531 · Dec 1, 2025
    risk 0.00 · cvss · epss 0.01

    A SQL injection vulnerability exists in the Blood Bank Management System 1.0 within the receiverLogin.php component. The application fails to properly sanitize user-supplied input in SQL queries, allowing an attacker to inject arbitrary SQL code. By manipulating the remail and…

  • CVE-2025-63527 · Dec 1, 2025
    risk 0.00 · cvss · epss 0.00

    A cross-site scripting (XSS) vulnerability exists in the Blood Bank Management System 1.0 within the updateprofile.php and hprofile.php components. The application fails to properly sanitize or encode user-supplied input before rendering it in response. An attacker can inject…

  • CVE-2025-63535 · Dec 1, 2025
    risk 0.00 · cvss · epss 0.00

    A SQL injection vulnerability exists in the Blood Bank Management System 1.0 within the abs.php component. The application fails to properly sanitize user-supplied input in SQL queries, allowing an attacker to inject arbitrary SQL code. By manipulating the search field, an…

  • CVE-2025-63534 · Dec 1, 2025
    risk 0.00 · cvss · epss 0.00

    A cross-site scripting (XSS) vulnerability exists in the Blood Bank Management System 1.0 within the login.php component. The application fails to properly sanitize or encode user-supplied input before rendering it in response. An attacker can inject malicious JavaScript…

  • CVE-2025-63446 · Nov 3, 2025
    risk 0.00 · cvss · epss 0.00

    Water Management System v1.0 is vulnerable to Cross Site Scripting (XSS) in /add_vendor.php.

  • CVE-2025-63443 · Nov 3, 2025
    risk 0.00 · cvss · epss 0.00

    School Management System PHP v1.0 is vulnerable to Cross Site Scripting (XSS) in /login.php via the password parameter.

  • CVE-2025-63447 · Nov 3, 2025
    risk 0.00 · cvss · epss 0.00

    Water Management System v1.0 is vulnerable to Cross Site Scripting (XSS) in /add_customer.php.

  • CVE-2025-63448 · Nov 3, 2025
    risk 0.00 · cvss · epss 0.00

    Water Management System v1.0 is vulnerable to Cross Site Scripting (XSS) in /edit_product.php?id=1.

  • CVE-2023-44755 · Apr 22, 2025
    risk 0.00 · cvss · epss 0.00

    Sacco Management system v1.0 was discovered to contain a SQL injection vulnerability via the password parameter at /sacco/ajax.php.

  • CVE-2025-29456 · Apr 17, 2025
    risk 0.00 · cvss · epss 0.00

    An issue in personal-management-system Personal Management System 1.4.65 allows a remote attacker to obtain sensitive information via the create Notes function.

  • CVE-2025-29453 · Apr 17, 2025
    risk 0.00 · cvss · epss 0.00

    An issue in personal-management-system Personal Management System 1.4.65 allows a remote attacker to obtain sensitive information via the my-contacts-settings component.

  • CVE-2025-29454 · Apr 17, 2025
    risk 0.00 · cvss · epss 0.00

    An issue in personal-management-system Personal Management System 1.4.65 allows a remote attacker to obtain sensitive information via the Upload function.

  • CVE-2025-29455 · Apr 17, 2025
    risk 0.00 · cvss · epss 0.00

    An issue in personal-management-system Personal Management System 1.4.65 allows a remote attacker to obtain sensitive information via the "Travel Ideas" function.

  • CVE-2024-48245 · Jan 7, 2025
    risk 0.00 · cvss · epss 0.01

    Vehicle Management System 1.0 is vulnerable to SQL Injection. A guest user can exploit vulnerable POST parameters in various administrative actions, such as booking a vehicle or confirming a booking. The affected parameters include "Booking ID", "Action Name", and "Payment…

  • CVE-2024-48570 · Oct 22, 2024
    risk 0.00 · cvss · epss 0.01

    Client Management System 1.0 was discovered to contain a SQL injection vulnerability via the Between Dates Reports parameter at /admin/bwdates-reports-ds.php.

  • CVE-2024-42572 · Aug 20, 2024
    risk 0.00 · cvss · epss 0.01

    School Management System commit bae5aa was discovered to contain a SQL injection vulnerability via the medium parameter at unitmarks.php.

  • CVE-2024-42575 · Aug 20, 2024
    risk 0.00 · cvss · epss 0.01

    School Management System commit bae5aa was discovered to contain a SQL injection vulnerability via the medium parameter at substaff.php.

  • CVE-2024-42574 · Aug 20, 2024
    risk 0.00 · cvss · epss 0.01

    School Management System commit bae5aa was discovered to contain a SQL injection vulnerability via the medium parameter at attendance.php.

  • CVE-2024-42567 · Aug 20, 2024
    risk 0.00 · cvss · epss 0.01

    School Management System commit bae5aa was discovered to contain a SQL injection vulnerability via the sid parameter at /search.php?action=2.

  • CVE-2024-42571 · Aug 20, 2024
    risk 0.00 · cvss · epss 0.01

    School Management System commit bae5aa was discovered to contain a SQL injection vulnerability via the medium parameter at insertattendance.php.

  • CVE-2024-42569 · Aug 20, 2024
    risk 0.00 · cvss · epss 0.01

    School Management System commit bae5aa was discovered to contain a SQL injection vulnerability via the medium parameter at paidclass.php.

  • CVE-2024-33994 · Aug 6, 2024
    risk 0.00 · cvss · epss 0.00

    Cross-Site Scripting (XSS) vulnerability in School Event Management System affecting version 1.0. An attacker could create a specially crafted URL and send it to a victim to obtain their session details via the 'view' parameter in '/event/index.php'.

  • CVE-2024-33988 · Aug 6, 2024
    risk 0.00 · cvss · epss 0.00

    Cross-Site Scripting (XSS) vulnerability in School Attendance Monitoring System and School Event Management System affecting version 1.0. An attacker could create a specially crafted URL and send it to a victim to obtain details of their session cookie via the 'Attendance',…

  • CVE-2024-33986 · Aug 6, 2024
    risk 0.00 · cvss · epss 0.00

    Cross-Site Scripting (XSS) vulnerability in School Attendance Monitoring System and School Event Management System affecting version 1.0. An attacker could create a specially crafted URL and send it to a victim to obtain details of their session cookie via the 'View' parameter…

  • CVE-2024-33982 · Aug 6, 2024
    risk 0.00 · cvss · epss 0.00

    Cross-Site Scripting (XSS) vulnerability in School Attendance Monitoring System and School Event Management System affecting version 1.0. An attacker could create a specially crafted URL and send it to a victim to obtain details of their session cookie via the 'StudentID'…

  • CVE-2024-28613 · Apr 24, 2024
    risk 0.00 · cvss · epss 0.01

    SQL Injection vulnerability in PHP Task Management System v.1.0 allows a remote attacker to escalate privileges and obtain sensitive information via the task_id parameter of the task-details.php and edit-task.php components.

  • CVE-2024-30979 · Apr 17, 2024
    risk 0.00 · cvss · epss 0.01

    Cross Site Scripting vulnerability in Cyber Cafe Management System 1.0 allows a remote attacker to execute arbitrary code via the compname parameter in edit-computer-details.php.

  • CVE-2010-4896 · Oct 8, 2011
    risk 0.00 · cvss · epss 0.01

    Cross-site scripting (XSS) vulnerability in admin/index.asp in Member Management System 4.0 allows remote attackers to inject arbitrary web script or HTML via the REF_URL parameter.

  • CVE-2007-2198 · Apr 24, 2007
    risk 0.00 · cvss · epss 0.01

    Cross-site scripting (XSS) vulnerability in LAN Management System (LMS) before 1.6.9 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, probably involving the OD parameter to contrib/formularz_przelewu_wplaty/druk.php.

  • CVE-2006-0886 · Feb 25, 2006
    risk 0.00 · cvss · epss 0.01

    Cross-site scripting (XSS) vulnerability in register.php in DEV web management system 1.5 allows remote attackers to inject arbitrary web script or HTML via the "City/Region" field (mesto variable). NOTE: the provenance of this information is unknown; the details are obtained…

Page 2 of 2