CVE-2018-1000535

HIGH

lms <= LMS_011123 - Info Disclosure

Title source: llm
STIX 2.1

Description

lms version <= LMS_011123 contains a Local File Disclosure vulnerability in File reading functionality in LMS module that can result in Possible to read files on the server. This attack appear to be exploitable via GET parameter. This vulnerability appears to have been fixed in after commit 254765e.

References (2)

Core 2
Core References
Exploit, Third Party Advisory x_refsource_misc
https://github.com/lmsgit/lms/issues/1271
Exploit, Third Party Advisory x_refsource_misc
https://0dd.zone/2018/06/01/LMS-Local-File-Disclosure/

Scores

CVSS v3 7.5
EPSS 0.0176
EPSS Percentile 75.2%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Details

CWE
CWE-200
Status published
Products (1)
lms/lms < 011123
Published Jun 26, 2018
Tracked Since Feb 18, 2026