Description
An SQL Injection vulnerability exists in LMS (LAN Management System) before commit 4cb30a7 within the "tarifflist.php" module due to insufficient sanitization of the POST "tg[]" parameter. The application directly concatenates user-supplied array values into an SQL query using "implode()", allowing authenticated attackers to perform Error-Based SQL injection and extract sensitive database information.
Published: 2026-06-18
Score: 8.6 High
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

An SQL injection vulnerability (CWE‑89) exists in the "tarifflist.php" module of the LAN Management System (LMS). The module takes the POST "tg[]" array, joins its elements with "implode()" and places the result directly into an SQL query without sanitization, so every element is parsed as SQL text rather than treated as a value. An authenticated user can therefore supply an element that changes the shape of the query and use the database's error responses (error‑based injection) to read data the query was never meant to return.
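The following PHP is an added illustration written for this page, not code from LMS or from its "tarifflist.php"; it reproduces the pattern the description and the Impact paragraph describe (a POST "tg[]" array imploded into an SQL IN list) against an in-memory SQLite table, shows why a database error surfacing to the caller matters for error-based injection, and places two hardened forms beside it. The table and column names ("tariffs", "id", "name"), the function names, the sample rows and the hostile input are all assumptions; running it requires PHP with the pdo_sqlite extension.

```php
<?php
declare(strict_types=1);

// Illustrative example added to this page; not LMS code. The table name
// "tariffs", the column names and the function names are assumptions.

// VULNERABLE pattern: request-supplied array elements are imploded straight
// into the SQL text, so each element is parsed as SQL, not bound as data.
function buildTariffQueryVulnerable(array $tg): string
{
    return 'SELECT id, name FROM tariffs WHERE id IN (' . implode(',', $tg) . ')';
}

// HARDENED form 1: the values are tariff IDs, so coerce each one to a positive
// integer before it touches SQL and drop anything that does not survive.
function buildTariffQueryCast(array $tg): string
{
    $ids = array_values(array_filter(array_map('intval', $tg), fn(int $v): bool => $v > 0));
    if ($ids === []) {
        return 'SELECT id, name FROM tariffs WHERE 0';   // an empty IN () is a syntax error
    }
    return 'SELECT id, name FROM tariffs WHERE id IN (' . implode(',', $ids) . ')';
}

// HARDENED form 2: one placeholder per element, bound through PDO, so the
// database parses the query shape separately from the values.
function fetchTariffsPrepared(PDO $db, array $tg): array
{
    if ($tg === []) {
        return [];
    }
    $placeholders = implode(',', array_fill(0, count($tg), '?'));
    $stmt = $db->prepare("SELECT id, name FROM tariffs WHERE id IN ($placeholders)");
    foreach (array_values($tg) as $i => $value) {
        // Positional binding is 1-based; non-numeric input becomes 0 and matches no row.
        $stmt->bindValue($i + 1, (int) $value, PDO::PARAM_INT);
    }
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Demo on an in-memory SQLite table (constructed sample data).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE tariffs (id INTEGER PRIMARY KEY, name TEXT)');
$db->exec("INSERT INTO tariffs VALUES (1,'basic'), (2,'pro'), (3,'enterprise')");

// Constructed hostile tg[]: the second element is SQL text, not a number.
$hostile = ['1', '0) OR 1=1 --'];

// Vulnerable path: the injected element widens the WHERE clause to every row.
$all = $db->query(buildTariffQueryVulnerable($hostile))->fetchAll(PDO::FETCH_ASSOC);
printf("vulnerable query returned %d rows\n", count($all));

// Error channel: a deliberately malformed element becomes a database error that
// the application surfaces verbatim. Error-based extraction relies on exactly
// this kind of feedback, so the error text must never reach the client.
try {
    $db->query(buildTariffQueryVulnerable(['1) AND (SELECT 1 FROM no_such_table']));
} catch (PDOException $e) {
    echo 'database error reached the application: ', $e->getMessage(), PHP_EOL;
}

// Hardened paths: the same hostile input is reduced to the integer ids it contains.
echo buildTariffQueryCast($hostile), PHP_EOL;
$rows = fetchTariffsPrepared($db, $hostile);
printf("prepared query returned %d row(s)\n", count($rows));
```

The integer-cast form is the smaller change when the values are known to be numeric IDs, while the prepared form is the general fix and also works for string values; either one removes the error channel, because the hostile element is no longer parsed as SQL at all.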

Affected Systems

The CVE record identifies the affected software only as LMS (LAN Management System) before commit 4cb30a7; no release version numbers are given. Any deployment built from a commit older than 4cb30a7, or that has otherwise not taken the change in that commit, should be treated as vulnerable.

Risk and Exploitability

The CVSS v4.0 score is 8.6 (High). The vector rates the impact on confidentiality and integrity as high and on availability as low (VC:H/VI:H/VA:L), requires low privileges (an authenticated account, PR:L) and no user interaction, and assumes an adjacent‑network attacker (AV:A). No EPSS score is available, the CVE is not listed in the CISA KEV catalog, and the SSVC assessment records no known exploitation and rates the flaw as not automatable. Because authentication is required, a malicious insider or a compromised user account is the primary risk, but the ability to read and modify database contents through the injection makes remediation a priority.

Generated by OpenCVE AI on June 18, 2026 at 19:04 UTC.

Remediation

No vendor advisory or workaround is listed in the record. The CVE description identifies the fix as upstream commit 4cb30a7; deployments built from earlier commits remain affected.

OpenCVE Recommended Actions

  • Update LMS to a build that includes commit 4cb30a70e7e3d8a0ea53afa2dbef19d5243d449b, which changes how "tarifflist.php" handles the "tg[]" parameter, and verify in the deployed code that the values are bound as parameters or validated as integers before they reach the query.
  • Run the LMS database connection under an account with the least privilege the application needs (no FILE, SUPER or schema‑altering rights), and keep database error messages out of HTTP responses, so that a remaining injection yields as little data and as little feedback as possible.
  • Perform a focused security review or penetration test of "tarifflist.php" and other endpoints that accept array parameters, confirming that error‑based SQL injection through "tg[]" is no longer possible.

Advisories

No advisories yet.

History

Thu, 18 Jun 2026 19:30:00 +0000

Type                  Values Removed   Values Added
First Time appeared                    Lms
                                       Lms lms
Vendors & Products                     Lms
                                       Lms lms

Thu, 18 Jun 2026 16:45:00 +0000

Type           Values Removed   Values Added
Description                     An SQL Injection vulnerability exists in LMS (LAN Management System) before commit 4cb30a7 within the "tarifflist.php" module due to insufficient sanitization of the POST "tg[]" parameter. The application directly concatenates user-supplied array values into an SQL query using "implode()", allowing authenticated attackers to perform Error-Based SQL injection and extract sensitive database information.
Title                           SQL Injection in LMS
Weaknesses                      CWE-89
References
Metrics                         cvssV4_0: {'score': 8.6, 'vector': 'CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N'}
                                ssvc: {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


MITRE

Status: PUBLISHED

Assigner: CERT-PL

Published:

Updated: 2026-06-18T12:30:22.279Z

Reserved: 2026-04-13T09:36:21.531Z

Link: CVE-2026-40455

Vulnrichment

Updated: 2026-06-18T12:30:17.846Z

NVD

No data.

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-18T19:15:02Z

Weaknesses
  • CWE-89

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')