
143 matches found

Positive Technologies
added 2022/10/31 12:0 a.m. · 3 views

PT-2022-26022 · Forma Lms · Forma Lms

Name of the Vulnerable Software and Affected Versions: Forma LMS versions 3.1.0 and earlier Description: The issue allows an authenticated attacker with the role of student to perform a SQL injection on the 'searchvalue' parameter in the "appLms/ajax.server.php?r=mycertificate/getMyCertificates"...

CVSS 7.6 · AI score 6.6 · EPSS 0.00276
Exploits: 0 · References: 3

Positive Technologies
added 2022/10/31 12:0 a.m. · 2 views

PT-2022-26023 · Forma Lms · Forma Lms

Name of the Vulnerable Software and Affected Versions: Forma LMS versions 3.1.0 and earlier Description: The issue allows an authenticated attacker with the role of student to escalate privileges and upload a Zip file through the SCORM importer feature, potentially leading to remote code injection...

CVSS 9.9 · AI score 9.1 · EPSS 0.00863
Exploits: 0 · References: 3

Positive Technologies
added 2022/10/31 12:0 a.m. · 3 views

PT-2022-26659 · Forma Lms · Forma Lms

Name of the Vulnerable Software and Affected Versions: Forma LMS versions 3.1.0 and earlier Description: The issue allows an authenticated attacker with the role of student to escalate privileges and upload a Zip file through the plugin upload component. This could lead to a remote code injection...

CVSS 9.9 · AI score 9 · EPSS 0.00863
Exploits: 0 · References: 3

Positive Technologies
added 2022/10/31 12:0 a.m. · 2 views

PT-2022-26020 · Forma Lms · Forma Lms

Name of the Vulnerable Software and Affected Versions: Forma LMS versions 3.1.0 and earlier Description: The issue allows a remote attacker to inject JavaScript code on the back url parameter in the "appLms/index.php?modname=faq&op=play" function, potentially leading to the theft of user cookies...

CVSS 6.1 · AI score 6.4 · EPSS 0.00454
Exploits: 0 · References: 3

ATTACKERKB
added 2022/04/19 5:15 p.m. · 2 views

CVE-2022-27104

An Unauthenticated time-based blind SQL injection vulnerability exists in Forma LMS prior to v.1.4.3...

CVSS 9.8 · AI score 5.9 · EPSS 0.01176
Exploits: 0 · References: 4

OSV
added 2022/04/19 5:15 p.m. · 2 views

CVE-2022-27104

An Unauthenticated time-based blind SQL injection vulnerability exists in Forma LMS prior to v.1.4.3...

CVSS 9.8 · AI score 7.3
Exploits: 0 · References: 3

NVD
added 2022/04/19 5:15 p.m. · 14 views

CVE-2022-27104

An Unauthenticated time-based blind SQL injection vulnerability exists in Forma LMS prior to v.1.4.3...

CVSS 9.8 · EPSS 0.01176
Exploits: 0 · References: 3

Prion
added 2022/04/19 5:15 p.m. · 13 views

SQL injection

An Unauthenticated time-based blind SQL injection vulnerability exists in Forma LMS prior to v.1.4.3...

CVSS 7.5 · AI score 9.7 · EPSS 0.01176
Exploits: 0 · References: 3 · Affected Software: 1

CVE
added 2022/04/19 4:59 p.m. · 50 views

CVE-2022-27104

CVE-2022-27104 affects Forma LMS prior to v1.4.3. The vulnerability is an unauthenticated time-based blind SQL injection arising from inadequate validation of externally supplied SQL statements. Impact is described as high/severe in CVSS terms, with potential confidentiality, integrity, and avai...

CVSS 9.8 · AI score 9.7 · EPSS 0.01176
Exploits: 0 · References: 3 · Affected Software: 1

Cvelist
added 2022/04/19 4:59 p.m. · 17 views

CVE-2022-27104

An Unauthenticated time-based blind SQL injection vulnerability exists in Forma LMS prior to v.1.4.3...

AI score 10 · EPSS 0.01176
Exploits: 0 · References: 3

CNNVD
added 2021/07/23 12:0 a.m. · 1 views

Forma Learning Management System SQL Injection Vulnerability

Forma Learning Management System (LMS) is a learning management system (LMS). A security vulnerability exists in Learning Management System v 1.0, which can be exploited by remote attackers to execute arbitrary SQL statements via the id parameter and obtain sensitive database information...

CVSS 7.5 · AI score 8 · EPSS 0.01535
Exploits: 1 · References: 2

Packet Storm
added 2020/12/04 12:0 a.m. · 853 views

Forma LMS 2.3 Cross Site Scripting

Exploit Title: Forma LMS 2.3 - 'First & Last Name' Stored Cross-Site Scripting Date: 04-12-2020 Exploit Author: Hemant Patidar HemantSolo Vendor Homepage: https://www.formalms.org/download.html Software Link: https://www.formalms.org/ Version: 2.3 Tested on: Windows 10/Kali Linux...

AI score 7.4
Exploits: 0

Exploit DB
added 2020/12/04 12:0 a.m. · 866 views

Forma LMS 2.3 - 'First & Last Name' Stored Cross-Site Scripting

Exploit Title: Forma LMS 2.3 - 'First & Last Name' Stored Cross-Site Scripting Date: 04-12-2020 Exploit Author: Hemant Patidar HemantSolo Vendor Homepage: https://www.formalms.org/download.html Software Link: https://www.formalms.org/ Version: 2.3 Tested on: Windows 10/Kali Linux...

AI score 7.4
Exploits: 0

Openbugbounty
added 2020/10/01 4:44 p.m. · 12 views

forma-eltech.fr Cross Site Scripting vulnerability OBB-1376624

Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence...

AI score 6.2
Exploits: 0

Openbugbounty
added 2020/01/11 5:18 p.m. · 7 views

forma-d.bg Cross Site Scripting vulnerability

Security Researcher ImPRINCE Helped patch 123 vulnerabilities Received 3 Coordinated Disclosure badges, a holder of 3 badges for responsible and coordinated disclosure, found a security vulnerability affecting forma-d.bg website and its users. Following coordinated and responsible vulnerability...

AI score 0.2
Exploits: 0

OpenVAS
added 2019/12/09 12:0 a.m. · 17 views

forma.lms <= 2.2.1 Multiple SQL Injection Vulnerabilities

Forma Learning Management System is prone to multiple SQL injection vulnerabilities. Copyright (C) 2019 Greenbone Networks GmbH SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as...

CVSS 8.8 · AI score 9.1 · EPSS 0.01605
Exploits: 4 · References: 3

OpenVAS
added 2019/12/05 12:0 a.m. · 27 views

forma.lms Detection (HTTP)

Checks whether Forma Learning Management System is present on the target system and if so, tries to figure out the installed version. Copyright (C) 2019 Greenbone Networks GmbH SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can redistribute it and/or modify it under th...

AI score 7
Exploits: 0 · References: 1

CNVD
added 2019/12/04 12:0 a.m. · 2 views

Forma Learning Management System SQL Injection Vulnerability (CNVD-2020-02570)

Forma Learning Management System (LMS) is a learning management system (LMS). A SQL injection vulnerability exists in the Forma Learning Management System. An attacker can exploit the vulnerability with a specially crafted web request to disclose database user credentials and potentially access the...

CVSS 8.8 · AI score 7.8 · EPSS 0.01064
Exploits: 1 · References: 1

CNVD
added 2019/12/04 12:0 a.m. · 2 views

Forma Learning Management System SQL Injection Vulnerability (CNVD-2019-44282)

Forma Learning Management System (LMS) is a learning management system (LMS). A SQL injection vulnerability exists in the Forma Learning Management System. An attacker can exploit the vulnerability with a specially crafted web request to disclose database user credentials and potentially access the...

CVSS 8.8 · AI score 7.8 · EPSS 0.01393
Exploits: 1 · References: 1

CNVD
added 2019/12/04 12:0 a.m. · 2 views

Forma Learning Management System SQL Injection Vulnerability (CNVD-2019-44281)

Forma Learning Management System (LMS) is a learning management system (LMS). A SQL injection vulnerability exists in the Forma Learning Management System. An attacker can exploit the vulnerability with a specially crafted web request to disclose database user credentials and potentially access the...

CVSS 8.8 · AI score 7.8 · EPSS 0.01605
Exploits: 1 · References: 1