CVE-2026-40455
EUVD-2026-3787418.06.2026, 14:17
An SQL Injection vulnerability exists in LMS (LAN Management System) before commit 4cb30a7 within the "tarifflist.php" module due to insufficient sanitization of the POST "tg[]" parameter. The application directly concatenates user-supplied array values into an SQL query using "implode()", allowing authenticated attackers to perform Error-Based SQL injection and extract sensitive database information.
Awaiting analysis
This vulnerability is currently awaiting analysis.