PT-2018-9431 · Lms · Lms

Published

2018-06-26

Updated

2019-09-18

CVE-2018-1000535

CVSS v3.1

7.5

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions LMS versions <= LMS 011123

Description The issue is related to a Local File Disclosure vulnerability in the File reading functionality of the LMS module. This can result in the possibility of reading files on the server. The attack appears to be exploitable via the GET parameter.

Recommendations For LMS versions <= LMS 011123, update to a version that includes the fix committed after 254765e to resolve the issue. As a temporary workaround, consider restricting access to the File reading functionality in the LMS module to minimize the risk of exploitation. Avoid using the GET parameter in the affected LMS module until the issue is resolved.

Exploit

Fix

Information Disclosure

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-200

Related Identifiers

CVE-2018-1000535

Affected Products

Lms

PT-2018-9431 · Lms · Lms

CVE-2018-1000535

Weakness Enumeration

Related Identifiers

Affected Products

References · 4