143 matches found
CVE-2022-42924
Forma LMS
CVE-2022-41681
Forma LMS
CVE-2022-41681 File Upload vulnerability in Forma LMS
There is a vulnerability in Forma LMS version 3.1.0 and earlier that could allow an authenticated attacker with the role of student to escalate privileges in order to upload a Zip file through the SCORM importer feature. The exploitation of this vulnerability could lead to a remote code injection...
CVE-2022-41680 SQL Injection in Forma LMS
Forma LMS version 3.1.0 and earlier is vulnerable to SQL injection. The exploitation of this vulnerability could allow an authenticated attacker with the role of student to perform a SQL injection on the 'search[value]' parameter in the...
CVE-2022-41680
Forma LMS (versions 3.1.0 and earlier) is affected by a SQL injection in the search[value] parameter of appLms/ajax.server.php?r=mycertificate/getMyCertificates. An authenticated attacker with the role of student could exploit this to dump the entire database. The vulnerability is documented acro...
CVE-2022-42925
CVE-2022-42925 affects Forma LMS 3.1.0 and earlier. An authenticated user with the student role can privilege-escalate via the plugin upload component to upload a ZIP file, which could lead to remote code execution. Public documentation lists this CVE with high/critical impact (CVSS/CRITICAL) and...
CVE-2022-42925 Unrestricted Upload of File with Dangerous Type in Forma LMS
There is a vulnerability in Forma LMS version 3.1.0 and earlier that could allow an authenticated attacker with the role of student to escalate privileges in order to upload a Zip file through the plugin upload component. The exploitation of this vulnerability could lead to a remote code injection...
CVE-2022-42923 SQL injection in Forma LMS
Forma LMS version 3.1.0 and earlier is vulnerable to SQL injection. The exploitation of this vulnerability could allow an authenticated attacker with the role of student to perform a SQL injection on the 'id' parameter in the 'appCore/index.php?r=adm/mediagallery/delete'...
CVE-2022-42923
Forma LMS ≤ 3.1.0 is affected by a SQL injection in the id parameter of appCore/index.php?r=adm/mediagallery/delete. An authenticated student can exploit this to dump the database or delete contents from core_user_file. Root cause is a SQL injection vulnerability in that endpoint; exploitation de...
Forma Learning Management System Cross-Site Scripting Vulnerability
Forma Learning Management System (LMS) is a learning management system. A security vulnerability exists in Forma Learning Management System 3.1.0 and prior versions that allows remote attackers to inject JavaScript code into the backurl parameter, which ca...
Forma Learning Management System Code Issue Vulnerability
Forma Learning Management System (LMS) is a learning management system. A security vulnerability exists in Forma Learning Management System version 3.1.0 and earlier, which can be exploited by an attacker to elevate privileges and upload a Zip file via the SCORM importer feature...
Forma Learning Management System SQL Injection Vulnerability
Forma Learning Management System (LMS) is a learning management system. A security vulnerability exists in Forma Learning Management System version 3.1.0, which originates from a SQL injection in the dynfilter parameter of the appLms/ajax.admserver.php?r=widget/userselector/getusertabledat...
Forma Learning Management System Code Issue Vulnerability
Forma Learning Management System (LMS) is a learning management system. A security vulnerability exists in Forma Learning Management System version 3.1.0, which originates from the ability to upload a zip file when having student privileges, which could lead to remote code execution...
Forma Learning Management System SQL Injection Vulnerability
Forma Learning Management System (LMS) is a learning management system. A security vulnerability exists in Forma Learning Management System version 3.1.0, which originates from a SQL injection against the id parameter of the appCore/index.php?r=adm/mediagallery/delete function when student...
PT-2022-26657 · Forma Lms · Forma Lms
Name of the Vulnerable Software and Affected Versions: Forma LMS versions 3.1.0 and earlier. Description: The issue allows an authenticated attacker with the role of student to perform a SQL injection on the id parameter in the "appCore/index.php?r=adm/mediagallery/delete" function. This could...
PT-2022-26658 · Forma Lms · Forma Lms
Name of the Vulnerable Software and Affected Versions: Forma LMS versions 3.1.0 and earlier. Description: The issue allows an authenticated attacker, with the role of a student, to perform a SQL injection on the dyn filter parameter in the "appLms/ajax.adm...