PT-2018-9431 · Lms · Lms

Published: 2018-06-26 · Updated: 2019-09-18 · CVE-2018-1000535

CVSS v3.1: 7.5 (High)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions: LMS versions <= LMS 011123

Description: The issue is related to a Local File Disclosure vulnerability in the File reading functionality of the LMS module. This can result in the possibility of reading files on the server. The attack appears to be exploitable via the GET parameter.

Recommendations: For LMS versions <= LMS 011123, update to a version that includes the fix committed after 254765e to resolve the issue. As a temporary workaround, consider restricting access to the File reading functionality in the LMS module to minimize the risk of exploitation. Avoid using the GET parameter in the affected LMS module until the issue is resolved.

Exploit

Fix

Information Disclosure

Weakness Enumeration

Related identifiers

CVE-2018-1000535

Affected products

Lms