exploitDog

CVE-2018-1000535

Опубликовано: 26 июн. 2018

Источник: nvd

CVSS3: 7.5

CVSS2: 5

EPSS Низкий

Описание

lms version <= LMS_011123 contains a Local File Disclosure vulnerability in File reading functionality in LMS module that can result in Possible to read files on the server. This attack appear to be exploitable via GET parameter. This vulnerability appears to have been fixed in after commit 254765e.

Ссылки

https://0dd.zone/2018/06/01/LMS-Local-File-Disclosure/
Exploit
Third Party Advisory
https://github.com/lmsgit/lms/issues/1271
Exploit
Third Party Advisory
https://0dd.zone/2018/06/01/LMS-Local-File-Disclosure/
Exploit
Third Party Advisory
https://github.com/lmsgit/lms/issues/1271
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:lms:lms:*:*:*:*:*:*:*:*

Версия до 011123 (включая)

EPSS

Процентиль: 53%

0.003

Низкий

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

CWE-200

Связанные уязвимости

GHSA-6h3g-7fwx-6pfj

CVSS3: 7.5

github

больше 3 лет назад

lms version <= LMS_011123 contains a Local File Disclosure vulnerability in File reading functionality in LMS module that can result in Possible to read files on the server. This attack appear to be exploitable via GET parameter. This vulnerability appears to have been fixed in after commit 254765e.

EPSS

Процентиль: 53%

0.003

Низкий

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

CWE-200