Lucene search

GoogleOSV:CVE-2023-42807

HistorySep 21, 2023 - 5:15 p.m.

CVE-2023-42807

2023-09-2117:15:23

Google

osv.dev

frappe lms

sql injection

vulnerability

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

8.4

Confidence

Low

EPSS

0.001

Percentile

46.4%

JSON

Frappe LMS is an open source learning management system. In versions 1.0.0 and prior, on the People Page of LMS, there was an SQL Injection vulnerability. The issue has been fixed in the main branch. Users won’t face this issue if they are using the latest main branch of the app.

References

github.com/frappe/lms/security/advisories/GHSA-wvq3-3wvp-6x63

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

8.4

Confidence

Low

EPSS

0.001

Percentile

46.4%

JSON

Related for OSV:CVE-2023-42807