What the vulnerability does
01Description
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Ogun Labs Lenxel Core for Lenxel(LNX) LMS lenxel-core allows PHP Local File Inclusion.This issue affects Lenxel Core for Lenxel(LNX) LMS: from n/a through <= 1.3.9.
Explanation of Vulnerability in Simple Terms
02Summary
Lenxel Core for Lenxel LMS versions up to 1.3.9 contain a path traversal vulnerability that allows authenticated users to read, write, or delete arbitrary files on the server. An attacker with low-level credentials can bypass file access restrictions by manipulating file paths. This affects confidentiality, integrity, and availability of the entire system.
What an attacker can do
03Attacker Capabilities
Read, write, or delete arbitrary files on the server.
Potential impact on your site
04Site Impact
An authenticated user can access sensitive files, modify system configuration, or disrupt site availability.
Conditions required to exploit
05Prerequisites
Attacker must have a valid low-privilege user account; no user interaction required.
Key dates
06Disclosure timeline
December 9, 2024
CVE published
April 28, 2026
Record updated