Lucene search
PRIOn knowledge basePRION:CVE-2023-4974HistorySep 15, 2023 - 3:15 a.m.
Sql injection
2023-09-1503:15:00
PRIOn knowledge base
www.prio-n.com
6
vulnerability
academy lms 6.2
critical
sql injection
get parameter handler
remote attack
vdb-239750
vendor disclosure
A vulnerability was found in Academy LMS 6.2. It has been rated as critical. Affected by this issue is some unknown functionality of the file /academy/tutor/filter of the component GET Parameter Handler. The manipulation of the argument price_min/price_max leads to sql injection. The attack may be launched remotely. VDB-239750 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
| CPE | Name | Operator | Version |
|---|---|---|---|
| academy_lms | eq | 6.2 |
Related
cve
cve
CVE-2023-4974
2023-09-15 03:15:09
exploitdb
exploitdb
Academy LMS 6.2 - SQL Injection
2024-01-31 00:00:00
zdt
zdt
Academy LMS 6.2 SQL Injection Vulnerability
2023-09-18 00:00:00
vulnrichment
vulnrichment
CVE-2023-4974 Academy LMS GET Parameter filter sql injection
2023-09-15 02:00:11
nuclei
nuclei
Academy LMS 6.2 - SQL Injection
2023-10-17 07:20:28
cvelist
cvelist
CVE-2023-4974 Academy LMS GET Parameter filter sql injection
2023-09-15 02:00:11
nvd
nvd
CVE-2023-4974
2023-09-15 03:15:09
packetstorm
packetstorm
Academy LMS 6.2 SQL Injection
2023-09-15 00:00:00