Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
formalms formalms vulnerabilities and exploits
(subscribe to this query)
6.1
CVSSv3
CVE-2023-46693
Cross Site Scripting (XSS) vulnerability in FormaLMS prior to 4.0.5 allows malicious users to run arbitrary code via title parameters.
Formalms Formalms
8.8
CVSSv3
CVE-2022-42923
Forma LMS on its 3.1.0 version and previous versions is vulnerable to a SQL injection vulnerability. The exploitation of this vulnerability could allow an authenticated attacker (with the role of student) to perform a SQL injection on the 'id' parameter in the 'app...
Formalms Formalms
6.5
CVSSv3
CVE-2022-42924
Forma LMS on its 3.1.0 version and previous versions is vulnerable to a SQL injection vulnerability. The exploitation of this vulnerability could allow an authenticated attacker (with the role of student) to perform a SQL injection on the 'dyn_filter' parameter in the &...
Formalms Formalms
8.8
CVSSv3
CVE-2022-42925
There is a vulnerability on Forma LMS version 3.1.0 and previous versions that could allow an authenticated attacker (with the role of student) to privilege escalate in order to upload a Zip file through the plugin upload component. The exploitation of this vulnerability could le...
Formalms Formalms
8.8
CVSSv3
CVE-2022-41681
There is a vulnerability on Forma LMS version 3.1.0 and previous versions that could allow an authenticated attacker (with the role of student) to privilege escalate in order to upload a Zip file through the SCORM importer feature. The exploitation of this vulnerability could lea...
Formalms Formalms
6.1
CVSSv3
CVE-2022-41679
Forma LMS version 3.1.0 and previous versions are affected by an Cross-Site scripting vulnerability, that could allow a remote malicious user to inject javascript code on the “back_url” parameter in appLms/index.php?modname=faq&op=play function. The exploitation o...
Formalms Formalms
6.5
CVSSv3
CVE-2022-41680
Forma LMS on its 3.1.0 version and previous versions is vulnerable to a SQL injection vulnerability. The exploitation of this vulnerability could allow an authenticated attacker (with the role of student) to perform a SQL injection on the 'search[value] parameter in the appL...
Formalms Formalms
9.8
CVSSv3
CVE-2022-27104
An Unauthenticated time-based blind SQL injection vulnerability exists in Forma LMS prior to v.1.4.3.
Formalms Formalms
9.8
CVSSv3
CVE-2021-43136
An authentication bypass issue in FormaLMS <= 2.4.4 allows an malicious user to bypass the authentication mechanism and obtain a valid access to the platform.
Formalms Formalms
8.8
CVSSv3
CVE-2020-26802
forma.lms 2.3.0.2 is affected by Cross Site Request Forgery (CSRF) in formalms/appCore/index.php?r=lms/profile/show&ap=saveinfo via a GET request to change the admin email address in order to accomplish an account takeover.
Formalms Formalms 2.3.0.2
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2020-17519
open redirect
CVE-2024-21683
cache poisoning
CVE-2021-47524
CVE-2021-47521
CVE-2024-5229
CVE-2021-47560
local
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »