SQL Injection Vulnerability in LMS (LAN Management System) by LMS Development Team
CVE-2026-40455
8.6 HIGH
What is CVE-2026-40455?
A SQL injection vulnerability in LMS (LAN Management System) lets authenticated attackers exploit insufficient input sanitization in the 'tarifflist.php' module. Values supplied in the POST parameter 'tg[]' are concatenated into SQL queries without sanitization, which enables error-based SQL injection. An attacker may use this to extract sensitive information from the application's database in deployments running affected versions.
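The mitigation for this class of bug, as an added example that is not LMS code or the project's actual fix: an array parameter such as 'tg[]' is validated element by element and then bound through placeholders instead of being concatenated. The `tariffs` table, the `IN (...)` query shape, both function names and the use of PDO with in-memory SQLite are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Unsafe shape the advisory describes (hypothetical, not quoted from LMS):
//   "... WHERE id IN (" . implode(',', $_POST['tg']) . ")"

/** Turn a tg[]-style POST value into unique integer ids, or throw. */
function parse_id_list(mixed $raw, int $max = 100): array
{
    if (!is_array($raw) || count($raw) > $max) {
        throw new InvalidArgumentException('tg must be a bounded array of ids');
    }
    $ids = [];
    foreach ($raw as $value) {
        // ctype_digit() accepts only strings made of 0-9, so quotes, spaces,
        // signs and nested arrays (tg[][]) are all rejected here.
        if (!is_string($value) || !ctype_digit($value) || strlen($value) > 9) {
            throw new InvalidArgumentException('non-numeric id in tg[]');
        }
        $ids[(int) $value] = true;               // de-duplicate
    }
    return array_keys($ids);
}

/** Fetch tariffs by id with one bound placeholder per value. */
function tariffs_by_ids(PDO $db, array $ids): array
{
    if ($ids === []) {
        return [];                               // "IN ()" is not valid SQL
    }
    $marks = implode(',', array_fill(0, count($ids), '?'));
    $stmt  = $db->prepare("SELECT id, name FROM tariffs WHERE id IN ($marks) ORDER BY id");
    foreach (array_values($ids) as $i => $id) {
        $stmt->bindValue($i + 1, $id, PDO::PARAM_INT);
    }
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed demo data: in-memory SQLite stands in for the real database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE tariffs (id INTEGER PRIMARY KEY, name TEXT)");
$db->exec("INSERT INTO tariffs VALUES (1,'Basic'),(2,'Pro'),(3,'Fiber')");

$post = ['tg' => ['1', '3', '3']];               // constructed stand-in for $_POST
print_r(tariffs_by_ids($db, parse_id_list($post['tg'] ?? [])));
try {
    parse_id_list(['1', "2'"]);                  // malformed element
} catch (InvalidArgumentException $e) { echo 'rejected: ', $e->getMessage(), PHP_EOL; }
```

Because the injection is error-based, production deployments should also keep database error text out of HTTP responses and log it server-side instead.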
Affected Version(s)
LMS 0 < 4cb30a7
