Vulnerabilities (CVE)

  1. OpenCVE
  2. Vulnerabilities (CVE)
Filtered by vendor Formalms Subscribe
Filtered by product Formalms

CVSS v3 Filter

ALL
NONE (0.0) LOW (0.1 - 3.9) MEDIUM (4.0 - 6.9) HIGH (7.0 - 8.9) CRITICAL (9.0 - 10.0)

Search

Total 5 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2019-5110 1 Formalms 1 Formalms 2022-07-17 6.5 MEDIUM 8.8 HIGH
Exploitable SQL injection vulnerabilities exist in the authenticated portion of Forma LMS 2.2.1. Specially crafted web requests can cause SQL injections. An attacker can send a web request with parameters containing SQL injection attacks to trigger this vulnerability, potentially allowing exfiltration of the database, user credentials and, in certain configurations, access the underlying operating system.
CVE-2019-5109 1 Formalms 1 Formalms 2022-07-17 6.5 MEDIUM 8.8 HIGH
Exploitable SQL injection vulnerabilities exists in the authenticated portion of Forma LMS 2.2.1. Specially crafted web requests can cause SQL injections. An attacker can send a web request with parameters containing SQL injection attacks to trigger this vulnerability, potentially allowing exfiltration of the database, user credentials and, in certain configurations, access the underlying operating system.
CVE-2019-5111 1 Formalms 1 Formalms 2022-07-17 6.5 MEDIUM 8.8 HIGH
Exploitable SQL injection vulnerability exists in the authenticated portion of Forma LMS 2.2.1. The /appLms/ajax.server.php URL and parameter filter_cat was confirmed to suffer from SQL injections and could be exploited by authenticated attackers. An attacker can send a web request with parameters containing SQL injection attacks to trigger this vulnerability, potentially allowing exfiltration of the database, user credentials and, in certain configurations, access the underlying operating system.
CVE-2019-5112 1 Formalms 1 Formalms 2022-07-17 6.5 MEDIUM 8.8 HIGH
Exploitable SQL injection vulnerability exists in the authenticated portion of Forma LMS 2.2.1. The /appLms/ajax.server.php URL and parameter filter_status was confirmed to suffer from SQL injections and could be exploited by authenticated attackers. An attacker can send a web request with parameters containing SQL injection attacks to trigger this vulnerability, potentially allowing exfiltration of the database, user credentials and, in certain configurations, access the underlying operating system.
CVE-2020-26802 1 Formalms 1 Formalms 2020-10-15 6.8 MEDIUM 8.8 HIGH
forma.lms 2.3.0.2 is affected by Cross Site Request Forgery (CSRF) in formalms/appCore/index.php?r=lms/profile/show&ap=saveinfo via a GET request to change the admin email address in order to accomplish an account takeover.