Show filters
1 Total Results
Displaying 1-1 of 1
Sort by:
Attacker Value
Very Low
CVE-2019-5112
Disclosure Date: December 03, 2019 (last updated October 06, 2023)
Exploitable SQL injection vulnerability exists in the authenticated portion of Forma LMS 2.2.1. The /appLms/ajax.server.php URL and parameter filter_status was confirmed to suffer from SQL injections and could be exploited by authenticated attackers. An attacker can send a web request with parameters containing SQL injection attacks to trigger this vulnerability, potentially allowing exfiltration of the database, user credentials and, in certain configurations, access the underlying operating system.
0