Lucene search
+L

115 matches found

prion
prion
added 2022/10/31 8:15 p.m.17 views

Cross site scripting

Forma LMS version 3.1.0 and earlier are affected by an Cross-Site scripting vulnerability, that could allow a remote attacker to inject javascript code on the “backurl” parameter in appLms/index.php?modname=faq&op=play function. The exploitation of this vulnerability could allow an attacker to...

5.8CVSS6.2AI score0.00454EPSS
Exploits0References1Affected Software1
prion
prion
added 2022/10/31 8:15 p.m.24 views

Sql injection

Forma LMS on its 3.1.0 version and earlier is vulnerable to a SQL injection vulnerability. The exploitation of this vulnerability could allow an authenticated attacker with the role of student to perform a SQL injection on the 'id' parameter in the 'appCore/index.php?r=adm/mediagallery/delete'...

6.5CVSS8.8AI score0.00585EPSS
Exploits0References1Affected Software1
prion
prion
added 2022/10/31 8:15 p.m.24 views

Sql injection

Forma LMS on its 3.1.0 version and earlier is vulnerable to a SQL injection vulnerability. The exploitation of this vulnerability could allow an authenticated attacker with the role of student to perform a SQL injection on the 'searchvalue parameter in the...

4CVSS6.7AI score0.00276EPSS
Exploits0References1Affected Software1
prion
prion
added 2022/10/31 8:15 p.m.17 views

Code injection

There is a vulnerability on Forma LMS version 3.1.0 and earlier that could allow an authenticated attacker with the role of student to privilege escalate in order to upload a Zip file through the plugin upload component. The exploitation of this vulnerability could lead to a remote code injection...

6.5CVSS9AI score0.00863EPSS
Exploits0References1Affected Software1
vulnrichment
vulnrichment
added 2022/10/31 7:59 p.m.12 views

CVE-2022-41679 Cross-site scripting in Forma LMS version

Forma LMS version 3.1.0 and earlier are affected by an Cross-Site scripting vulnerability, that could allow a remote attacker to inject javascript code on the “backurl” parameter in appLms/index.php?modname=faq&op=play function. The exploitation of this vulnerability could allow an attacker to...

4.7CVSS6.8AI score0.00454EPSS
Exploits0References1
cve
cve
added 2022/10/31 7:59 p.m.66 views

CVE-2022-41679

Forma LMS

6.1CVSS5.4AI score0.00454EPSS
Exploits0References1Affected Software1
cvelist
cvelist
added 2022/10/31 7:59 p.m.19 views

CVE-2022-41679 Cross-site scripting in Forma LMS version

Forma LMS version 3.1.0 and earlier are affected by an Cross-Site scripting vulnerability, that could allow a remote attacker to inject javascript code on the “backurl” parameter in appLms/index.php?modname=faq&op=play function. The exploitation of this vulnerability could allow an attacker to...

4.7CVSS7AI score0.00454EPSS
Exploits0References1
cve
cve
added 2022/10/31 7:59 p.m.61 views

CVE-2022-42924

Forma LMS

7.6CVSS6.8AI score0.00437EPSS
Exploits0References1Affected Software1
vulnrichment
vulnrichment
added 2022/10/31 7:59 p.m.8 views

CVE-2022-42924 SQL injection in Forma LMS

Forma LMS on its 3.1.0 version and earlier is vulnerable to a SQL injection vulnerability. The exploitation of this vulnerability could allow an authenticated attacker with the role of student to perform a SQL injection on the 'dynfilter' parameter in the...

7.6CVSS7.5AI score0.00437EPSS
Exploits0References1
cvelist
cvelist
added 2022/10/31 7:59 p.m.21 views

CVE-2022-42924 SQL injection in Forma LMS

Forma LMS on its 3.1.0 version and earlier is vulnerable to a SQL injection vulnerability. The exploitation of this vulnerability could allow an authenticated attacker with the role of student to perform a SQL injection on the 'dynfilter' parameter in the...

7.6CVSS8.5AI score0.00437EPSS
Exploits0References1
cve
cve
added 2022/10/31 7:59 p.m.64 views

CVE-2022-41681

Forma LMS

9.9CVSS9.1AI score0.00863EPSS
Exploits0References1Affected Software1
vulnrichment
vulnrichment
added 2022/10/31 7:59 p.m.9 views

CVE-2022-41681 File Upload vulnerability in Forma LMS

There is a vulnerability on Forma LMS version 3.1.0 and earlier that could allow an authenticated attacker with the role of student to privilege escalate in order to upload a Zip file through the SCORM importer feature. The exploitation of this vulnerability could lead to a remote code injection...

9.9CVSS7.8AI score0.00863EPSS
Exploits0References1
cvelist
cvelist
added 2022/10/31 7:59 p.m.16 views

CVE-2022-41681 File Upload vulnerability in Forma LMS

There is a vulnerability on Forma LMS version 3.1.0 and earlier that could allow an authenticated attacker with the role of student to privilege escalate in order to upload a Zip file through the SCORM importer feature. The exploitation of this vulnerability could lead to a remote code injection...

9.9CVSS10AI score0.00863EPSS
Exploits0References1
vulnrichment
vulnrichment
added 2022/10/31 7:59 p.m.8 views

CVE-2022-41680 SQL Injection in Forma LMS

Forma LMS on its 3.1.0 version and earlier is vulnerable to a SQL injection vulnerability. The exploitation of this vulnerability could allow an authenticated attacker with the role of student to perform a SQL injection on the 'searchvalue parameter in the...

7.6CVSS7.5AI score0.00276EPSS
Exploits0References1
cve
cve
added 2022/10/31 7:59 p.m.66 views

CVE-2022-41680

Forma LMS (versions 3.1.0 and earlier) is affected by a SQL injection in the search[value] parameter of appLms/ajax.server.php?r=mycertificate/getMyCertificates. An authenticated attacker with the role of student could exploit this to dump the entire database. The vulnerability is documented acro...

7.6CVSS6.8AI score0.00276EPSS
Exploits0References1Affected Software1
cvelist
cvelist
added 2022/10/31 7:59 p.m.31 views

CVE-2022-41680 SQL Injection in Forma LMS

Forma LMS on its 3.1.0 version and earlier is vulnerable to a SQL injection vulnerability. The exploitation of this vulnerability could allow an authenticated attacker with the role of student to perform a SQL injection on the 'searchvalue parameter in the...

7.6CVSS8.5AI score0.00276EPSS
Exploits0References1
cve
cve
added 2022/10/31 7:58 p.m.68 views

CVE-2022-42925

CVE-2022-42925 affects Forma LMS 3.1.0 and earlier. An authenticated user with the student role can privilege-escalate via the plugin upload component to upload a ZIP file, which could lead to remote code execution. Public documentation lists this CVE with high/critical impact (CVSS/CRITICAL) and...

9.9CVSS9.1AI score0.00863EPSS
Exploits0References1Affected Software1
vulnrichment
vulnrichment
added 2022/10/31 7:58 p.m.9 views

CVE-2022-42925 Unrestricted Upload of File with Dangerous Type in Forma LMS

There is a vulnerability on Forma LMS version 3.1.0 and earlier that could allow an authenticated attacker with the role of student to privilege escalate in order to upload a Zip file through the plugin upload component. The exploitation of this vulnerability could lead to a remote code injection...

9.9CVSS7.8AI score0.00863EPSS
Exploits0References1
cvelist
cvelist
added 2022/10/31 7:58 p.m.25 views

CVE-2022-42925 Unrestricted Upload of File with Dangerous Type in Forma LMS

There is a vulnerability on Forma LMS version 3.1.0 and earlier that could allow an authenticated attacker with the role of student to privilege escalate in order to upload a Zip file through the plugin upload component. The exploitation of this vulnerability could lead to a remote code injection...

9.9CVSS10AI score0.00863EPSS
Exploits0References1
vulnrichment
vulnrichment
added 2022/10/31 7:58 p.m.7 views

CVE-2022-42923 SQL injection in Forma LMS

Forma LMS on its 3.1.0 version and earlier is vulnerable to a SQL injection vulnerability. The exploitation of this vulnerability could allow an authenticated attacker with the role of student to perform a SQL injection on the 'id' parameter in the 'appCore/index.php?r=adm/mediagallery/delete'...

8.3CVSS7.5AI score0.00585EPSS
Exploits0References1
Rows per page
Query Builder