Lucene search
K

4 matches found

NVD
NVD
added 2022/10/31 8:15 p.m.23 views

CVE-2022-42923

Forma LMS on its 3.1.0 version and earlier is vulnerable to a SQL injection vulnerability. The exploitation of this vulnerability could allow an authenticated attacker with the role of student to perform a SQL injection on the 'id' parameter in the 'appCore/index.php?r=adm/mediagallery/delete'...

8.8CVSS0.00585EPSS
Exploits0References1
Cvelist
Cvelist
added 2022/10/31 7:58 p.m.27 views

CVE-2022-42923 SQL injection in Forma LMS

Forma LMS on its 3.1.0 version and earlier is vulnerable to a SQL injection vulnerability. The exploitation of this vulnerability could allow an authenticated attacker with the role of student to perform a SQL injection on the 'id' parameter in the 'appCore/index.php?r=adm/mediagallery/delete'...

8.3CVSS9.4AI score0.00585EPSS
Exploits0References1
Prion
Prion
added 2014/11/06 3:55 p.m.16 views

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in Forma Lms before 1.2.1 p01 allow remote attackers to inject arbitrary web script or HTML via the 1 idcustom parameter in an amanmenu request or 2 idgame parameter in an alms/games/edit request to appCore/index.php...

4.3CVSS6.1AI score0.01891EPSS
Exploits2References5Affected Software1
Cvelist
Cvelist
added 2014/11/06 3:0 p.m.30 views

CVE-2014-5257

Multiple cross-site scripting XSS vulnerabilities in Forma Lms before 1.2.1 p01 allow remote attackers to inject arbitrary web script or HTML via the 1 idcustom parameter in an amanmenu request or 2 idgame parameter in an alms/games/edit request to appCore/index.php...

5.7AI score0.01891EPSS
Exploits2References5
Rows per page
Query Builder