2 matches found
CVE-2020-26802
forma.lms 2.3.0.2 is affected by Cross Site Request Forgery CSRF in formalms/appCore/index.php?r=lms/profile/show≈=saveinfo via a GET request to change the admin email address in order to accomplish an account takeover...
Cross site request forgery (csrf)
forma.lms 2.3.0.2 is affected by Cross Site Request Forgery CSRF in formalms/appCore/index.php?r=lms/profile/show&ap=saveinfo via a GET request to change the admin email address in order to accomplish an account takeover...