AI Score
Confidence
High
EPSS
Percentile
32.6%
A Cross-Site Request Forgery (CSRF) in Academy LMS before v5.10 allows a discount coupon to be arbitrarily created if an attacker with administrative privileges interacts on the CSRF page.
portswigger.net/web-security/csrf
www.linkedin.com/in/xvinicius/
xpsec.co/blog/academy-lms-5-10-coupon-csrf