Vulnerabilities > CVE-2007-3325 - Remote File Include vulnerability in LMS LAN Management System Language.PHP
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
PARTIAL Summary
PHP remote file inclusion vulnerability in lib/language.php in LAN Management System (LMS) 1.9.6 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the _LIB_DIR parameter, a different vector than CVE-2007-1643 and CVE-2007-2205. LAN Management System (LMS) 1.9.6 does not appear to be a valid version. Vendor website shows up to version 1.8.10. This CVE is most likely referring to the version of 1.6.9, which is listed as the previous version to 1.8.10 on the vendor website.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 1 |
Exploit-Db
| description | LAN Management System (LMS) <= 1.9.6 Remote File Inclusion Exploit. CVE-2007-3325. Webapps exploit for php platform |
| file | exploits/php/webapps/4086.pl |
| id | EDB-ID:4086 |
| last seen | 2016-01-31 |
| modified | 2007-06-20 |
| platform | php |
| port | |
| published | 2007-06-20 |
| reporter | Kw3[R]Ln |
| source | https://www.exploit-db.com/download/4086/ |
| title | LAN Management System LMS <= 1.9.6 - Remote File Inclusion Exploit |
| type | webapps |