Idealms Security Vulnerabilities

CVE-2022-31786

IdeaLMS 2022 allows reflected Cross Site Scripting (XSS) via the IdeaLMS/Class/Assessment/ PATH_INFO.

CVE-2022-31788

IdeaLMS 2022 allows SQL injection via the IdeaLMS/ChatRoom/ClassAccessControl/6?isBigBlueButton=0&ClassID= pathname.