5 matches found
CVE-2022-42923
Forma LMS on its 3.1.0 version and earlier is vulnerable to a SQL injection vulnerability. The exploitation of this vulnerability could allow an authenticated attacker with the role of student to perform a SQL injection on the 'id' parameter in the 'appCore/index.php?r=adm/mediagallery/delete'...
CVE-2022-42923
Forma LMS on its 3.1.0 version and earlier is vulnerable to a SQL injection vulnerability. The exploitation of this vulnerability could allow an authenticated attacker with the role of student to perform a SQL injection on the 'id' parameter in the 'appCore/index.php?r=adm/mediagallery/delete'...
CVE-2022-42923 SQL injection in Forma LMS
Forma LMS on its 3.1.0 version and earlier is vulnerable to a SQL injection vulnerability. The exploitation of this vulnerability could allow an authenticated attacker with the role of student to perform a SQL injection on the 'id' parameter in the 'appCore/index.php?r=adm/mediagallery/delete'...
Forma Learning Management System SQL注入漏洞
Forma Learning Management System LMS is a Learning Management System LMS. A security vulnerability exists in the Forma Learning Management System version 3.1.0, which originates from an SQl injection against the id parameter of the appCore/index.php?r=adm/mediagallery/delete function when student...
CVE-2013-1466
Multiple cross-site scripting XSS vulnerabilities in glFusion before 1.2.2.pl4 allow remote attackers to inject arbitrary web script or HTML via the 1 subject parameter to profiles.php; 2 address1, 3 address2, 4 calendartype, 5 city, 6 state, 7 title, 8 url, or 9 zipcode parameter to...