Description
lms version <= LMS_011123 contains a Local File Disclosure vulnerability in File reading functionality in LMS module that can result in Possible to read files on the server. This attack appear to be exploitable via GET parameter. This vulnerability appears to have been fixed in after commit 254765e.
References (2)
Core 2
Core References
Exploit, Third Party Advisory x_refsource_misc
https://github.com/lmsgit/lms/issues/1271
Exploit, Third Party Advisory x_refsource_misc
https://0dd.zone/2018/06/01/LMS-Local-File-Disclosure/
Scores
CVSS v3
7.5
EPSS
0.0176
EPSS Percentile
75.2%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Details
CWE
CWE-200
Status
published
Products (1)
lms/lms
< 011123
Published
Jun 26, 2018
Tracked Since
Feb 18, 2026