10 matches found
CVE-2019-5109
Exploitable SQL injection vulnerabilities exists in the authenticated portion of Forma LMS 2.2.1. Specially crafted web requests can cause SQL injections. An attacker can send a web request with parameters containing SQL injection attacks to trigger this vulnerability, potentially allowing...
Sql injection
Exploitable SQL injection vulnerabilities exists in the authenticated portion of Forma LMS 2.2.1. Specially crafted web requests can cause SQL injections. An attacker can send a web request with parameters containing SQL injection attacks to trigger this vulnerability, potentially allowing...
CVE-2019-5110
Forma LMS 2.2.1 is affected by multiple SQL injection vulnerabilities in authenticated areas. The TALOS advisories confirm exploitable injections in /appCore/index.php (users parameter) and /appLms/ajax.server.php (filter_cat, filter_status) that could allow an attacker to exfiltrate database dat...
CVE-2019-5109
Forma LMS 2.2.1 is affected by SQL injection vulnerabilities in the authenticated portion. The TALOS advisory/TALOS-2019-0902 details SQLi in /appCore/ajax.adm_server.php (dir parameter) and TALOS-2019-0903/0904 describe additional vectors; CVE-2019-5109 covers /appLms/ajax.server.php filter_cat ...
CVE-2019-5111
Exploitable SQL injection vulnerability exists in the authenticated portion of Forma LMS 2.2.1. The /appLms/ajax.server.php URL and parameter filtercat was confirmed to suffer from SQL injections and could be exploited by authenticated attackers. An attacker can send a web request with parameters...
CVE-2019-5111
Exploitable SQL injection vulnerability exists in the authenticated portion of Forma LMS 2.2.1. The /appLms/ajax.server.php URL and parameter filtercat was confirmed to suffer from SQL injections and could be exploited by authenticated attackers. An attacker can send a web request with parameters...
Vulnerability Spotlight: SQL injection vulnerabilities in Forma Learning Management System
Yuri Kramarz of Security Advisory EMEAR discovered these vulnerabilities. Blog by Jon Munshaw. Cisco Talos recently discovered three SQL injection vulnerabilities in the authenticated portion of the Formal Learning Management System. LMS is a set of software that allows companies to build and hos...
Forma LMS 2.2.1 /appLms/ajax.server.php filter_cat and filter_status parameters SQL injections
Summary Exploitable SQL injection vulnerabilities exist in the authenticated portion of Forma LMS 2.2.1. Specially crafted web requests can cause SQL injections. An attacker can send a web request with parameters containing SQL injection attacks to trigger this vulnerability, potentially allowing...
Forma LMS 2.2.1 ajax.adm_server.php dir parameter SQL injections
Summary Exploitable SQL injection vulnerabilities exists in the authenticated portion of Forma LMS 2.2.1. Specially crafted web requests can cause SQL injections. An attacker can send a web request with parameters containing SQL injection attacks to trigger this vulnerability, potentially allowin...
Forma LMS 2.2.1 /appCore/index.php users parameter SQL injections
Summary Exploitable SQL injection vulnerabilities exist in the authenticated portion of Forma LMS 2.2.1. Specially crafted web requests can cause SQL injections. An attacker can send a web request with parameters containing SQL injection attacks to trigger this vulnerability, potentially allowing...