Lucene search
+L

115 matches found

EUVD
EUVD
added 2025/10/03 8:7 p.m.11 views

EUVD-2022-45979

Malicious code in bioql PyPI...

8.8CVSS8.6AI score0.00585EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 10:35 p.m.9 views

CVE-2022-27104

An Unauthenticated time-based blind SQL injection vulnerability exists in Forma LMS prior to v.1.4.3...

9.8CVSS7.8AI score0.01211EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/02/05 5:57 p.m.14 views

CVE-2019-5109

Exploitable SQL injection vulnerabilities exists in the authenticated portion of Forma LMS 2.2.1. Specially crafted web requests can cause SQL injections. An attacker can send a web request with parameters containing SQL injection attacks to trigger this vulnerability, potentially allowing...

8.8CVSS7.7AI score0.01064EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/02/05 5:57 p.m.20 views

CVE-2019-5110

Exploitable SQL injection vulnerabilities exist in the authenticated portion of Forma LMS 2.2.1. Specially crafted web requests can cause SQL injections. An attacker can send a web request with parameters containing SQL injection attacks to trigger this vulnerability, potentially allowing...

8.8CVSS7.7AI score0.01064EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/02/05 5:56 p.m.10 views

CVE-2019-5112

Exploitable SQL injection vulnerability exists in the authenticated portion of Forma LMS 2.2.1. The /appLms/ajax.server.php URL and parameter filterstatus was confirmed to suffer from SQL injections and could be exploited by authenticated attackers. An attacker can send a web request with...

8.8CVSS7.4AI score0.01605EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/02/05 5:52 p.m.14 views

CVE-2019-5111

Exploitable SQL injection vulnerability exists in the authenticated portion of Forma LMS 2.2.1. The /appLms/ajax.server.php URL and parameter filtercat was confirmed to suffer from SQL injections and could be exploited by authenticated attackers. An attacker can send a web request with parameters...

8.8CVSS7.4AI score0.01393EPSS
Exploits1References1
Packet Storm
Packet Storm
added 2023/08/23 12:0 a.m.270 views

Forma LMS 1.4 Database Disclosure

==================================================================================================================================== | Title : Forma lms v1.4 Database Disclosure Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox 63.0.3 32-bi...

7.1AI score
Exploits0
OpenVAS
OpenVAS
added 2022/12/28 12:0 a.m.16 views

Forma LMS <= 2.4.4 Improper Authentication Vulnerability

Forma LMS is prone to an improper authentication vulnerability. Copyright C 2022 Greenbone Networks GmbH SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free...

9.8CVSS9.6AI score0.15725EPSS
Exploits4References2
OpenVAS
OpenVAS
added 2022/11/02 12:0 a.m.16 views

Forma LMS <= 1.4.3 SQL Injection Vulnerability

Forma LMS is prone to an SQL injection vulnerability. Copyright C 2022 Greenbone Networks GmbH SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software...

9.8CVSS10AI score0.01211EPSS
Exploits0References1
OpenVAS
OpenVAS
added 2022/11/02 12:0 a.m.23 views

Forma LMS <= 3.1.0 Multiple Vulnerabilities

Forma LMS is prone to multiple vulnerabilities. Copyright C 2022 Greenbone Networks GmbH SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation...

9.9CVSS7.1AI score0.00863EPSS
Exploits0References1
NVD
NVD
added 2022/10/31 8:15 p.m.23 views

CVE-2022-42923

Forma LMS on its 3.1.0 version and earlier is vulnerable to a SQL injection vulnerability. The exploitation of this vulnerability could allow an authenticated attacker with the role of student to perform a SQL injection on the 'id' parameter in the 'appCore/index.php?r=adm/mediagallery/delete'...

8.8CVSS0.00585EPSS
Exploits0References1
OSV
OSV
added 2022/10/31 8:15 p.m.6 views

CVE-2022-42924

Forma LMS on its 3.1.0 version and earlier is vulnerable to a SQL injection vulnerability. The exploitation of this vulnerability could allow an authenticated attacker with the role of student to perform a SQL injection on the 'dynfilter' parameter in the...

6.5CVSS5.8AI score0.00437EPSS
Exploits0References1
NVD
NVD
added 2022/10/31 8:15 p.m.19 views

CVE-2022-41680

Forma LMS on its 3.1.0 version and earlier is vulnerable to a SQL injection vulnerability. The exploitation of this vulnerability could allow an authenticated attacker with the role of student to perform a SQL injection on the 'searchvalue parameter in the...

7.6CVSS0.00276EPSS
Exploits0References1
OSV
OSV
added 2022/10/31 8:15 p.m.11 views

CVE-2022-41679

Forma LMS version 3.1.0 and earlier are affected by an Cross-Site scripting vulnerability, that could allow a remote attacker to inject javascript code on the “backurl” parameter in appLms/index.php?modname=faq&op=play function. The exploitation of this vulnerability could allow an attacker to...

6.1CVSS5.9AI score0.00454EPSS
Exploits0References1
NVD
NVD
added 2022/10/31 8:15 p.m.13 views

CVE-2022-41679

Forma LMS version 3.1.0 and earlier are affected by an Cross-Site scripting vulnerability, that could allow a remote attacker to inject javascript code on the “backurl” parameter in appLms/index.php?modname=faq&op=play function. The exploitation of this vulnerability could allow an attacker to...

6.1CVSS0.00454EPSS
Exploits0References1
NVD
NVD
added 2022/10/31 8:15 p.m.15 views

CVE-2022-42924

Forma LMS on its 3.1.0 version and earlier is vulnerable to a SQL injection vulnerability. The exploitation of this vulnerability could allow an authenticated attacker with the role of student to perform a SQL injection on the 'dynfilter' parameter in the...

7.6CVSS0.00437EPSS
Exploits0References1
NVD
NVD
added 2022/10/31 8:15 p.m.17 views

CVE-2022-42925

There is a vulnerability on Forma LMS version 3.1.0 and earlier that could allow an authenticated attacker with the role of student to privilege escalate in order to upload a Zip file through the plugin upload component. The exploitation of this vulnerability could lead to a remote code injection...

9.9CVSS0.00863EPSS
Exploits0References1
NVD
NVD
added 2022/10/31 8:15 p.m.10 views

CVE-2022-41681

There is a vulnerability on Forma LMS version 3.1.0 and earlier that could allow an authenticated attacker with the role of student to privilege escalate in order to upload a Zip file through the SCORM importer feature. The exploitation of this vulnerability could lead to a remote code injection...

9.9CVSS0.00863EPSS
Exploits0References1
OSV
OSV
added 2022/10/31 8:15 p.m.4 views

CVE-2022-41680

Forma LMS on its 3.1.0 version and earlier is vulnerable to a SQL injection vulnerability. The exploitation of this vulnerability could allow an authenticated attacker with the role of student to perform a SQL injection on the 'searchvalue parameter in the...

6.5CVSS5.8AI score0.00276EPSS
Exploits0References1
Prion
Prion
added 2022/10/31 8:15 p.m.17 views

Cross site scripting

Forma LMS version 3.1.0 and earlier are affected by an Cross-Site scripting vulnerability, that could allow a remote attacker to inject javascript code on the “backurl” parameter in appLms/index.php?modname=faq&op=play function. The exploitation of this vulnerability could allow an attacker to...

5.8CVSS6.2AI score0.00454EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder