LMS 1.5.x RTMessageAdd.PHP Remote File Include Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/23611/info LMS is prone to a remote file-include vulnerability because it fails to sufficiently sanitize user-supplied input. Exploiting this issue may allow an attacker to compromise the application and the underlying...

LMS RTMessageAdd.PHP远程文件包含漏洞

LMS是一款基于PHP的WEB应用程序。 LMS不正确过滤用户提交的输入，远程攻击者可以利用漏洞以WEB权限执行任意命令。 问题是'RTMessageAdd.PHP'脚本对用户提交的'LIBDIR'参数缺少过滤，指定远程服务器上的文件作为包含参数，可导致以WEB权限执行任意命令。 LMS LAN Management System 1.5.4 LMS LAN Management System 1.5.3 目前没有解决方案提供： http://www.lms.org.pl/index.php...

Remote file inclusion

PHP remote file inclusion vulnerability in modules/rtmessageadd.php in LAN Management System LMS 1.5.3, and possibly 1.5.4, allows remote attackers to execute arbitrary PHP code via a URL in the LIBDIR parameter, a different vector than CVE-2007-1643...

lms 1.5.3 Remote File Inclusion

lms 1.5.3 Remote File Inclusion Affected Software .: lms 1.5.3 libs Download..: http://www.lms.org.pl/download/1.5/ Risk ..............: high Found by ..........: InyeXion Contact ...........: InyeXionatgmail.com Web .............: Www.InyeXion.com.ar Affected File: /modules/rtmessageadd.php...

Lms 1.5.x - 'RTMessageAdd.php' Remote File Inclusion

source: https://www.securityfocus.com/bid/23611/info LMS is prone to a remote file-include vulnerability because it fails to sufficiently sanitize user-supplied input. Exploiting this issue may allow an attacker to compromise the application and the underlying system; other attacks are also...