3 matches found
CVE-2019-5112
Exploitable SQL injection vulnerability exists in the authenticated portion of Forma LMS 2.2.1. The /appLms/ajax.server.php URL and parameter filterstatus was confirmed to suffer from SQL injections and could be exploited by authenticated attackers. An attacker can send a web request with...
CVE-2019-5112
Forma LMS 2.2.1 is affected by authenticated SQL injection vulnerabilities in the /appLms/ajax.server.php endpoint (parameters filter_cat and filter_status). The TALOS advisory confirms exploitable injections that could lead to exfiltration of database information and, in some configurations, acc...
CVE-2019-5112
Exploitable SQL injection vulnerability exists in the authenticated portion of Forma LMS 2.2.1. The /appLms/ajax.server.php URL and parameter filterstatus was confirmed to suffer from SQL injections and could be exploited by authenticated attackers. An attacker can send a web request with...