SQL Injection in Lms
CVE-2026-40455
An SQL Injection vulnerability exists in LMS (LAN Management System) before commit 4cb30a7 within the "tarifflist.php" module due to insufficient sanitization of the POST "tg[]" parameter. The application directly concatenates user-supplie…
Vulnerability class: SQL Injection
Affected products
- Lms — versions 0
Weakness classification (CWE)
References
- cvd@cert.pl (patch)
- cvd@cert.pl (third-party-advisory)
- cvd@cert.pl (product)