- Description
- PHP remote file inclusion vulnerability in lib/language.php in LAN Management System (LMS) 1.9.6 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the _LIB_DIR parameter, a different vector than CVE-2007-1643 and CVE-2007-2205.
- Source
- cve@mitre.org
- NVD status
- Modified
CVSS 2.0
- Type
- Primary
- Base score
- 7.5
- Impact score
- 6.4
- Exploitability score
- 10
- Vector string
- AV:N/AC:L/Au:N/C:P/I:P/A:P
- Hype score
- Not currently trending
- Comment
- LAN Management System (LMS) 1.9.6 does not appear to be a valid version. Vendor website shows up to version 1.8.10. This CVE is most likely referring to the version of 1.6.9, which is listed as the previous version to 1.8.10 on the vendor website.
- Impact
- -
- Solution
- -
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:lms:lan_management_system:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "A7FAE1F9-78CD-483B-83E1-FAF488C3BB4E",
"versionEndIncluding": "1.6.9"
}
],
"operator": "OR"
}
]
}
]