2 matches found
Forma LMS <= 3.1.0 Multiple Vulnerabilities
Forma LMS is prone to multiple vulnerabilities. Copyright C 2022 Greenbone Networks GmbH SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation...
CVE-2022-42925
CVE-2022-42925 affects Forma LMS 3.1.0 and earlier. An authenticated user with the student role can privilege-escalate via the plugin upload component to upload a ZIP file, which could lead to remote code execution. Public documentation lists this CVE with high/critical impact (CVSS/CRITICAL) and...