CVE-2026-40455
HighCVSS 8.6Exploitation Probability (EPSS)
Low risk12th percentile — higher than 12% of all known CVEs
Summary
An SQL Injection vulnerability exists in LMS (LAN Management System) before commit 4cb30a7 within the 'tarifflist.php' module due to insufficient sanitization of the POST 'tg[]' parameter. This allows authenticated attackers to perform Error-Based SQL injection and extract sensitive database information.
Risk Assessment
This vulnerability may lead to the exposure of sensitive database information, posing a serious threat to the organization's security. It allows attackers to access confidential data, potentially resulting in further attacks or privacy breaches.
Recommendation
It is recommended to update the LMS system to the latest version that includes security patches. Additionally, appropriate input sanitization mechanisms should be implemented to prevent similar attacks in the future.
Original NVD description (English source)
An SQL Injection vulnerability exists in LMS (LAN Management System) before commit 4cb30a7 within the "tarifflist.php" module due to insufficient sanitization of the POST "tg[]" parameter. The application directly concatenates user-supplied array values into an SQL query using "implode()", allowing authenticated attackers to perform Error-Based SQL injection and extract sensitive database information.

