Lucene search
K

10 matches found

OSV
OSV
added 2019/12/03 10:15 p.m.5 views

CVE-2019-5109

Exploitable SQL injection vulnerabilities exists in the authenticated portion of Forma LMS 2.2.1. Specially crafted web requests can cause SQL injections. An attacker can send a web request with parameters containing SQL injection attacks to trigger this vulnerability, potentially allowing...

8.8CVSS7.2AI score0.01064EPSS
Exploits1References1
Prion
Prion
added 2019/12/03 10:15 p.m.14 views

Sql injection

Exploitable SQL injection vulnerabilities exists in the authenticated portion of Forma LMS 2.2.1. Specially crafted web requests can cause SQL injections. An attacker can send a web request with parameters containing SQL injection attacks to trigger this vulnerability, potentially allowing...

6.5CVSS8.9AI score0.01064EPSS
Exploits1References1Affected Software1
CVE
CVE
added 2019/12/03 9:44 p.m.90 views

CVE-2019-5110

Forma LMS 2.2.1 is affected by multiple SQL injection vulnerabilities in authenticated areas. The TALOS advisories confirm exploitable injections in /appCore/index.php (users parameter) and /appLms/ajax.server.php (filter_cat, filter_status) that could allow an attacker to exfiltrate database dat...

8.8CVSS8.9AI score0.01064EPSS
Exploits1References1Affected Software1
CVE
CVE
added 2019/12/03 9:43 p.m.77 views

CVE-2019-5109

Forma LMS 2.2.1 is affected by SQL injection vulnerabilities in the authenticated portion. The TALOS advisory/TALOS-2019-0902 details SQLi in /appCore/ajax.adm_server.php (dir parameter) and TALOS-2019-0903/0904 describe additional vectors; CVE-2019-5109 covers /appLms/ajax.server.php filter_cat ...

8.8CVSS8.9AI score0.01064EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2019/12/03 9:37 p.m.26 views

CVE-2019-5111

Exploitable SQL injection vulnerability exists in the authenticated portion of Forma LMS 2.2.1. The /appLms/ajax.server.php URL and parameter filtercat was confirmed to suffer from SQL injections and could be exploited by authenticated attackers. An attacker can send a web request with parameters...

7.4CVSS8.8AI score0.01393EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2019/12/03 12:0 a.m.22 views

CVE-2019-5111

Exploitable SQL injection vulnerability exists in the authenticated portion of Forma LMS 2.2.1. The /appLms/ajax.server.php URL and parameter filtercat was confirmed to suffer from SQL injections and could be exploited by authenticated attackers. An attacker can send a web request with parameters...

8.8CVSS5AI score0.01393EPSS
Exploits1References2
Talos Blog
Talos Blog
added 2019/12/02 10:46 a.m.36 views

Vulnerability Spotlight: SQL injection vulnerabilities in Forma Learning Management System

Yuri Kramarz of Security Advisory EMEAR discovered these vulnerabilities. Blog by Jon Munshaw. Cisco Talos recently discovered three SQL injection vulnerabilities in the authenticated portion of the Formal Learning Management System. LMS is a set of software that allows companies to build and hos...

6.5CVSS1.5AI score0.01605EPSS
Exploits4
Talos
Talos
added 2019/12/02 12:0 a.m.80 views

Forma LMS 2.2.1 /appLms/ajax.server.php filter_cat and filter_status parameters SQL injections

Summary Exploitable SQL injection vulnerabilities exist in the authenticated portion of Forma LMS 2.2.1. Specially crafted web requests can cause SQL injections. An attacker can send a web request with parameters containing SQL injection attacks to trigger this vulnerability, potentially allowing...

8.5AI score
Exploits0
Talos
Talos
added 2019/12/02 12:0 a.m.50 views

Forma LMS 2.2.1 ajax.adm_server.php dir parameter SQL injections

Summary Exploitable SQL injection vulnerabilities exists in the authenticated portion of Forma LMS 2.2.1. Specially crafted web requests can cause SQL injections. An attacker can send a web request with parameters containing SQL injection attacks to trigger this vulnerability, potentially allowin...

8.8CVSS8.6AI score0.01064EPSS
Exploits1
Talos
Talos
added 2019/12/02 12:0 a.m.49 views

Forma LMS 2.2.1 /appCore/index.php users parameter SQL injections

Summary Exploitable SQL injection vulnerabilities exist in the authenticated portion of Forma LMS 2.2.1. Specially crafted web requests can cause SQL injections. An attacker can send a web request with parameters containing SQL injection attacks to trigger this vulnerability, potentially allowing...

8.8CVSS8.7AI score0.01064EPSS
Exploits1
Rows per page
Query Builder