// For flags

CVE-2018-1000535

 

Severity Score

7.5
*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

2
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

lms version <= LMS_011123 contains a Local File Disclosure vulnerability in File reading functionality in LMS module that can result in Possible to read files on the server. This attack appear to be exploitable via GET parameter. This vulnerability appears to have been fixed in after commit 254765e.

lms en versiones iguales o anteriores a la LMS_011123 contiene una vulnerabilidad de divulgación de archivos locales en la funcionalidad de lectura de archivos en el módulo LMS que puede resultar en la lectura de archivos en el servidor. Este ataque parece ser explotable mediante un parámetro GET. La vulnerabilidad parece haber sido solucionada tras el commit con ID 254765e.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
None
Availability
None
Attack Vector
Network
Attack Complexity
Low
Authentication
None
Confidentiality
Partial
Integrity
None
Availability
None
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2018-06-01 CVE Reserved
  • 2018-06-26 CVE Published
  • 2023-11-17 EPSS Updated
  • 2024-08-05 CVE Updated
  • 2024-08-05 First Exploit
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
CWE
  • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Lms
Search vendor "Lms"
Lms
Search vendor "Lms" for product "Lms"
<= 011123
Search vendor "Lms" for product "Lms" and version " <= 011123"
-
Affected