CyberSec.Space Logo
CVEブラウザに戻る

CVE-2007-2205

HIGH
7.5
CVSS Severity Score
EPSS Score0.1700%
EPSS Percentile31.56th
Published2007年4月24日
Last Modified2026年4月23日

Vulnerability Description

PHP remote file inclusion vulnerability in modules/rtmessageadd.php in LAN Management System (LMS) 1.5.3, and possibly 1.5.4, allows remote attackers to execute arbitrary PHP code via a URL in the _LIB_DIR parameter, a different vector than CVE-2007-1643.

Affected Platforms (CPE)

📦
Lan Management System

Lan Management System

= 1.5.3
📦
Lan Management System

Lan Management System

= 1.5.4

References & Advisories

🔗 http://osvdb.org/35480
🔗 http://securityreason.com/securityalert/2630
🔗 http://www.attrition.org/pipermail/vim/2007-April/001560.html
🔗 http://www.securityfocus.com/archive/1/466664/100/0/threaded
🔗 http://www.securityfocus.com/bid/23611
🔗 https://exchange.xforce.ibmcloud.com/vulnerabilities/33819
🔗 http://osvdb.org/35480
🔗 http://securityreason.com/securityalert/2630

関連する脆弱性情報

CVE-2007-164310.0

Multiple PHP remote file inclusion vulnerabilities in LAN Management System (LMS) 1.8.9 Vala and earlier allow remote attackers to...

CVE-2018-68547.8

Sophos SafeGuard Enterprise before 8.00.5, SafeGuard Easy before 7.00.3, and SafeGuard LAN Crypt before 3.95.2 are vulnerable to L...

CVE-2019-152627.5

A vulnerability in the Secure Shell (SSH) session management for Cisco Wireless LAN Controller (WLC) Software could allow an unaut...

CVE-2007-33257.5

PHP remote file inclusion vulnerability in lib/language.php in LAN Management System (LMS) 1.9.6 and earlier allows remote attacke...