← voltar
CVE-2026-40456

OS Command Injection in LMS

CVSS 8.6 HIGHEPSS 0.9%CWE-78
An OS Command Injection vulnerability exists in LMS (LAN Management System) before commit 9fcb4de due to an IP address parameter being passed to the "exec()" function without proper validation, allowing attackers to execute arbitrary operating system commands.
CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:N
Produtos afetados
LMS · LMS

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
https://cert.pl/posts/2026/06/CVE-2026-40455https://github.com/chilek/lms/commit/9fcb4de19b7d76394898dbc124252b86b07ac0edhttps://lms.org.pl/