CyberSec.Space Logo
Back to CVE Browser

CVE-2007-1643

CRITICAL
10.0
CVSS Severity Score
EPSS Score0.1860%
EPSS Percentile4.06th
PublishedMar 24, 2007
Last ModifiedApr 23, 2026

Vulnerability Description

Multiple PHP remote file inclusion vulnerabilities in LAN Management System (LMS) 1.8.9 Vala and earlier allow remote attackers to execute arbitrary PHP code via a URL in (1) the CONFIG[directories][userpanel_dir] parameter to userpanel.php or the (2) _LIB_DIR parameter to welcome.php.

Affected Platforms (CPE)

πŸ“¦
Lan Management System

Lan Management System

<= 1.8.9

References & Advisories

πŸ”— http://secunia.com/advisories/24621
πŸ”— http://www.attrition.org/pipermail/vim/2007-April/001560.html
πŸ”— http://www.securityfocus.com/bid/23099
πŸ”— http://www.securityfocus.com/bid/23100
πŸ”— http://www.vupen.com/english/advisories/2007/1086
πŸ”— https://exchange.xforce.ibmcloud.com/vulnerabilities/33158
πŸ”— https://www.exploit-db.com/exploits/3545
πŸ”— http://secunia.com/advisories/24621

Related Vulnerabilities

CVE-2018-68547.8

Sophos SafeGuard Enterprise before 8.00.5, SafeGuard Easy before 7.00.3, and SafeGuard LAN Crypt before 3.95.2 are vulnerable to L...

CVE-2019-152627.5

A vulnerability in the Secure Shell (SSH) session management for Cisco Wireless LAN Controller (WLC) Software could allow an unaut...

CVE-2007-22057.5

PHP remote file inclusion vulnerability in modules/rtmessageadd.php in LAN Management System (LMS) 1.5.3, and possibly 1.5.4, allo...

CVE-2007-33257.5

PHP remote file inclusion vulnerability in lib/language.php in LAN Management System (LMS) 1.9.6 and earlier allows remote attacke...