EUVD-2020-30962

Forma.lms The E-Learning Suite 2.3.0.2 contains a persistent cross-site scripting vulnerability in multiple course and profile parameters. Attackers can inject malicious scripts in course code, name, description fields, and email parameter to execute arbitrary JavaScript without proper input...

CVE-2020-36960

Forma LMS 2.3 contains a stored cross-site scripting (XSS) vulnerability in the user profile first/last name fields. An attacker can inject scripts (e.g., ) that execute when other users view the profile. Connected sources provide CVSS scores (4.0: 5.1/ MEDIUM; 3.1: 6.4/ MEDIUM) and confirm the v...

CVE-2022-42923

Forma LMS on its 3.1.0 version and earlier is vulnerable to a SQL injection vulnerability. The exploitation of this vulnerability could allow an authenticated attacker with the role of student to perform a SQL injection on the 'id' parameter in the 'appCore/index.php?r=adm/mediagallery/delete'...

Forma Learning Management System 跨站脚本漏洞

Forma Learning Management System LMS is a Learning Management System LMS. A security vulnerability exists in Forma Learning Management System 3.1.0 and prior versions, which originated from a vulnerability that allows remote attackers to inject JavaScript code into the backurl parameter, which ca...

Forma Learning Management System 代码问题漏洞

Forma Learning Management System LMS is a learning management system LMS. A security vulnerability exists in Forma Learning Management System version 3.1.0, which originates from the ability to upload a zip file when having student privileges, which could lead to remote code execution...

Forma Learning Management System SQL注入漏洞

Forma Learning Management System LMS is a Learning Management System LMS. A security vulnerability exists in the Forma Learning Management System version 3.1.0, which originates from an SQl injection of the dynfilter parameter of the appLms/ajax.admserver.php?r=widget/userselector/getusertabledat...

Forma Learning Management System SQL注入漏洞

Forma Learning Management System LMS is a Learning Management System LMS. A security vulnerability exists in Learning Management System v 1.0, which can be exploited by remote attackers to execute arbitrary SQL statements via the id parameter and obtain sensitive database information...

forma.lms Detection (HTTP)

Checks whether Forma Learning Management System is present on the target system and if so, tries to figure out the installed version. Copyright C 2019 Greenbone Networks GmbH SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can redistribute it and/or modify it under th...

Forma Learning Management System SQL Injection Vulnerability (CNVD-2019-44282)

Forma Learning Management System LMS is a learning management system LMS. A SQL injection vulnerability exists in the Forma Learning Management System. An attacker can exploit the vulnerability with a specially crafted web request to disclose database user credentials and potentially access the...

Forma Learning Management System SQL Injection Vulnerability (CNVD-2019-44281)

Forma Learning Management System LMS is a learning management system LMS. A SQL injection vulnerability exists in the Forma Learning Management System. An attacker can exploit the vulnerability with a specially crafted web request to disclose database user credentials and potentially access the...

Forma Learning Management System SQL Injection Vulnerability (CNVD-2020-02570)

Forma Learning Management System LMS is a learning management system LMS. A SQL injection vulnerability exists in the Forma Learning Management System. An attacker can exploit the vulnerability with a specially crafted web request to disclose database user credentials and potentially access the...

Forma Learning Management System SQL Injection Vulnerability

Forma Learning Management System LMS is a learning management system LMS. A SQL injection vulnerability exists in the Forma Learning Management System. An attacker could exploit this vulnerability by sending a specially crafted web request to disclose database user credentials and access the...

Vulnerability Spotlight: SQL injection vulnerabilities in Forma Learning Management System

Yuri Kramarz of Security Advisory EMEAR discovered these vulnerabilities. Blog by Jon Munshaw. Cisco Talos recently discovered three SQL injection vulnerabilities in the authenticated portion of the Formal Learning Management System. LMS is a set of software that allows companies to build and hos...