Search criteria
7 vulnerabilities by forma
CVE-2020-36998 (GCVE-0-2020-36998)
Vulnerability from cvelistv5 – Published: 2026-01-30 16:16 – Updated: 2026-01-30 16:30
VLAI?
Title
forma.lms The E-Learning Suite 2.3.0.2 - Persistent Cross-Site Scripting
Summary
Forma.lms The E-Learning Suite 2.3.0.2 contains a persistent cross-site scripting vulnerability in multiple course and profile parameters. Attackers can inject malicious scripts in course code, name, description fields, and email parameter to execute arbitrary JavaScript without proper input sanitization.
Severity ?
6.4 (Medium)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| forma | E-Learning Suite |
Affected:
0 , ≤ 2.3.0.2
(semver)
|
Credits
Daniel Ortiz
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2020-36998",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-30T16:30:47.213656Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-01-30T16:30:54.395Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "E-Learning Suite",
"vendor": "forma",
"versions": [
{
"lessThanOrEqual": "2.3.0.2",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Daniel Ortiz"
}
],
"datePublic": "2020-05-15T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Forma.lms The E-Learning Suite 2.3.0.2 contains a persistent cross-site scripting vulnerability in multiple course and profile parameters. Attackers can inject malicious scripts in course code, name, description fields, and email parameter to execute arbitrary JavaScript without proper input sanitization."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "LOW",
"subIntegrityImpact": "LOW",
"userInteraction": "PASSIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS"
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-30T16:16:37.882Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"name": "ExploitDB-48478",
"tags": [
"exploit"
],
"url": "https://www.exploit-db.com/exploits/48478"
},
{
"name": "Vendor Homepage",
"tags": [
"product"
],
"url": "https://sourceforge.net/projects/forma/"
},
{
"name": "Software Download Link",
"tags": [
"product"
],
"url": "https://sourceforge.net/projects/forma/files/latest/download"
},
{
"name": "VulnCheck Advisory: forma.lms The E-Learning Suite 2.3.0.2 - Persistent Cross-Site Scripting",
"tags": [
"third-party-advisory"
],
"url": "https://www.vulncheck.com/advisories/formalms-the-e-learning-suite-persistent-cross-site-scripting"
}
],
"title": "forma.lms The E-Learning Suite 2.3.0.2 - Persistent Cross-Site Scripting",
"x_generator": {
"engine": "vulncheck"
}
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2020-36998",
"datePublished": "2026-01-30T16:16:37.882Z",
"dateReserved": "2026-01-27T15:47:08.000Z",
"dateUpdated": "2026-01-30T16:30:54.395Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2022-41679 (GCVE-0-2022-41679)
Vulnerability from cvelistv5 – Published: 2022-10-31 19:59 – Updated: 2025-05-02 19:57
VLAI?
Title
Cross-site scripting in Forma LMS version
Summary
Forma LMS version 3.1.0 and earlier are affected by an Cross-Site scripting vulnerability, that could allow a remote attacker to inject javascript code on the “back_url” parameter in appLms/index.php?modname=faq&op=play function. The exploitation of this vulnerability could allow an attacker to steal the user´s cookies in order to log in to the application.
Severity ?
4.7 (Medium)
CWE
- CWE-79 - improper neutralization of input during web page generation (Cross-site Scripting)
Assigner
References
Credits
Tin Pham aka 'TF1T'
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T12:49:43.458Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.incibe-cert.es/en/early-warning/security-advisories/multiple-vulnerabilities-forma-lms"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-41679",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-02T19:57:06.140243Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-02T19:57:29.942Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Forma LMS",
"vendor": "Forma",
"versions": [
{
"lessThanOrEqual": "3.1.0",
"status": "affected",
"version": "3.0.1",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Tin Pham aka \u0027TF1T\u0027"
}
],
"datePublic": "2022-10-25T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Forma LMS version 3.1.0 and earlier are affected by an Cross-Site scripting vulnerability, that could allow a remote attacker to inject javascript code on the \u201cback_url\u201d parameter in appLms/index.php?modname=faq\u0026op=play function. The exploitation of this vulnerability could allow an attacker to steal the user\u00b4s cookies in order to log in to the application."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79: improper neutralization of input during web page generation (Cross-site Scripting)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-10-31T00:00:00.000Z",
"orgId": "0cbda920-cd7f-484a-8e76-bf7f4b7f4516",
"shortName": "INCIBE"
},
"references": [
{
"url": "https://www.incibe-cert.es/en/early-warning/security-advisories/multiple-vulnerabilities-forma-lms"
}
],
"source": {
"advisory": "INCIBE-2022-0982",
"defect": [
"INC-2022-00051"
],
"discovery": "EXTERNAL"
},
"title": "Cross-site scripting in Forma LMS version",
"x_generator": {
"engine": "Vulnogram 0.0.9"
}
}
},
"cveMetadata": {
"assignerOrgId": "0cbda920-cd7f-484a-8e76-bf7f4b7f4516",
"assignerShortName": "INCIBE",
"cveId": "CVE-2022-41679",
"datePublished": "2022-10-31T19:59:49.293Z",
"dateReserved": "2022-09-28T00:00:00.000Z",
"dateUpdated": "2025-05-02T19:57:29.942Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-42924 (GCVE-0-2022-42924)
Vulnerability from cvelistv5 – Published: 2022-10-31 19:59 – Updated: 2025-05-05 14:03
VLAI?
Title
SQL injection in Forma LMS
Summary
Forma LMS on its 3.1.0 version and earlier is vulnerable to a SQL injection vulnerability. The exploitation of this vulnerability could allow an authenticated attacker (with the role of student) to perform a SQL injection on the 'dyn_filter' parameter in the 'appLms/ajax.adm_server.php?r=widget/userselector/getusertabledata' function in order to dump the entire database.
Severity ?
7.6 (High)
CWE
- CWE-89 - improper neutralization of special elements used in an SQL command (SQL injection)
Assigner
References
Credits
Tin Pham aka 'TF1T'
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T13:19:05.480Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.incibe-cert.es/en/early-warning/security-advisories/multiple-vulnerabilities-forma-lms"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-42924",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-05T14:03:07.506490Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-05T14:03:19.048Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Forma LMS",
"vendor": "Forma",
"versions": [
{
"lessThanOrEqual": "3.1.0",
"status": "affected",
"version": "3.0.1",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Tin Pham aka \u0027TF1T\u0027"
}
],
"datePublic": "2022-10-25T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Forma LMS on its 3.1.0 version and earlier is vulnerable to a SQL injection vulnerability. The exploitation of this vulnerability could allow an authenticated attacker (with the role of student) to perform a SQL injection on the \u0027dyn_filter\u0027 parameter in the \u0027appLms/ajax.adm_server.php?r=widget/userselector/getusertabledata\u0027 function in order to dump the entire database."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "CWE-89: improper neutralization of special elements used in an SQL command (SQL injection)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-10-31T00:00:00.000Z",
"orgId": "0cbda920-cd7f-484a-8e76-bf7f4b7f4516",
"shortName": "INCIBE"
},
"references": [
{
"url": "https://www.incibe-cert.es/en/early-warning/security-advisories/multiple-vulnerabilities-forma-lms"
}
],
"source": {
"advisory": "INCIBE-2022-0982",
"defect": [
"INC-2022-00051"
],
"discovery": "EXTERNAL"
},
"title": "SQL injection in Forma LMS",
"x_generator": {
"engine": "Vulnogram 0.0.9"
}
}
},
"cveMetadata": {
"assignerOrgId": "0cbda920-cd7f-484a-8e76-bf7f4b7f4516",
"assignerShortName": "INCIBE",
"cveId": "CVE-2022-42924",
"datePublished": "2022-10-31T19:59:33.604Z",
"dateReserved": "2022-10-14T00:00:00.000Z",
"dateUpdated": "2025-05-05T14:03:19.048Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-41681 (GCVE-0-2022-41681)
Vulnerability from cvelistv5 – Published: 2022-10-31 19:59 – Updated: 2025-05-06 19:46
VLAI?
Title
File Upload vulnerability in Forma LMS
Summary
There is a vulnerability on Forma LMS version 3.1.0 and earlier that could allow an authenticated attacker (with the role of student) to privilege escalate in order to upload a Zip file through the SCORM importer feature. The exploitation of this vulnerability could lead to a remote code injection.
Severity ?
9.9 (Critical)
CWE
- CWE-434 - unrestricted upload of file with dangerous type
Assigner
References
Credits
Tin Pham aka 'TF1T'
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T12:49:43.910Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.incibe-cert.es/en/early-warning/security-advisories/multiple-vulnerabilities-forma-lms"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-41681",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-06T19:46:14.569779Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-06T19:46:26.630Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Forma LMS",
"vendor": "Forma",
"versions": [
{
"lessThanOrEqual": "3.1.0",
"status": "affected",
"version": "3.0.1",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Tin Pham aka \u0027TF1T\u0027"
}
],
"datePublic": "2022-10-25T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "There is a vulnerability on Forma LMS version 3.1.0 and earlier that could allow an authenticated attacker (with the role of student) to privilege escalate in order to upload a Zip file through the SCORM importer feature. The exploitation of this vulnerability could lead to a remote code injection."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.9,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-434",
"description": "CWE-434: unrestricted upload of file with dangerous type",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-10-31T00:00:00.000Z",
"orgId": "0cbda920-cd7f-484a-8e76-bf7f4b7f4516",
"shortName": "INCIBE"
},
"references": [
{
"url": "https://www.incibe-cert.es/en/early-warning/security-advisories/multiple-vulnerabilities-forma-lms"
}
],
"source": {
"advisory": "INCIBE-2022-0982",
"defect": [
"INC-2022-00051"
],
"discovery": "EXTERNAL"
},
"title": "File Upload vulnerability in Forma LMS",
"x_generator": {
"engine": "Vulnogram 0.0.9"
}
}
},
"cveMetadata": {
"assignerOrgId": "0cbda920-cd7f-484a-8e76-bf7f4b7f4516",
"assignerShortName": "INCIBE",
"cveId": "CVE-2022-41681",
"datePublished": "2022-10-31T19:59:17.538Z",
"dateReserved": "2022-09-28T00:00:00.000Z",
"dateUpdated": "2025-05-06T19:46:26.630Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-41680 (GCVE-0-2022-41680)
Vulnerability from cvelistv5 – Published: 2022-10-31 19:59 – Updated: 2025-05-06 19:45
VLAI?
Title
SQL Injection in Forma LMS
Summary
Forma LMS on its 3.1.0 version and earlier is vulnerable to a SQL injection vulnerability. The exploitation of this vulnerability could allow an authenticated attacker (with the role of student) to perform a SQL injection on the 'search[value] parameter in the appLms/ajax.server.php?r=mycertificate/getMyCertificates' function in order to dump the entire database.
Severity ?
7.6 (High)
CWE
- CWE-89 - improper neutralization of special elements used in an SQL command (SQL injection)
Assigner
References
Credits
Tin Pham aka 'TF1T'
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T12:49:43.587Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.incibe-cert.es/en/early-warning/security-advisories/multiple-vulnerabilities-forma-lms"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-41680",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-06T19:44:48.677489Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-06T19:45:16.319Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Forma LMS",
"vendor": "Forma",
"versions": [
{
"lessThanOrEqual": "3.1.0",
"status": "affected",
"version": "3.0.1",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Tin Pham aka \u0027TF1T\u0027"
}
],
"datePublic": "2022-10-25T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Forma LMS on its 3.1.0 version and earlier is vulnerable to a SQL injection vulnerability. The exploitation of this vulnerability could allow an authenticated attacker (with the role of student) to perform a SQL injection on the \u0027search[value] parameter in the appLms/ajax.server.php?r=mycertificate/getMyCertificates\u0027 function in order to dump the entire database."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "CWE-89: improper neutralization of special elements used in an SQL command (SQL injection)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-10-31T00:00:00.000Z",
"orgId": "0cbda920-cd7f-484a-8e76-bf7f4b7f4516",
"shortName": "INCIBE"
},
"references": [
{
"url": "https://www.incibe-cert.es/en/early-warning/security-advisories/multiple-vulnerabilities-forma-lms"
}
],
"source": {
"advisory": "INCIBE-2022-0982",
"defect": [
"INC-2022-00051"
],
"discovery": "EXTERNAL"
},
"title": "SQL Injection in Forma LMS",
"x_generator": {
"engine": "Vulnogram 0.0.9"
}
}
},
"cveMetadata": {
"assignerOrgId": "0cbda920-cd7f-484a-8e76-bf7f4b7f4516",
"assignerShortName": "INCIBE",
"cveId": "CVE-2022-41680",
"datePublished": "2022-10-31T19:59:00.280Z",
"dateReserved": "2022-09-28T00:00:00.000Z",
"dateUpdated": "2025-05-06T19:45:16.319Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-42925 (GCVE-0-2022-42925)
Vulnerability from cvelistv5 – Published: 2022-10-31 19:58 – Updated: 2025-05-06 19:44
VLAI?
Title
Unrestricted Upload of File with Dangerous Type in Forma LMS
Summary
There is a vulnerability on Forma LMS version 3.1.0 and earlier that could allow an authenticated attacker (with the role of student) to privilege escalate in order to upload a Zip file through the plugin upload component. The exploitation of this vulnerability could lead to a remote code injection.
Severity ?
9.9 (Critical)
CWE
- CWE-434 - unrestricted upload of file with dangerous type
Assigner
References
Credits
Tin Pham aka 'TF1T'
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T13:19:05.524Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.incibe-cert.es/en/early-warning/security-advisories/multiple-vulnerabilities-forma-lms"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-42925",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-06T19:43:13.874403Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-06T19:44:17.503Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Forma LMS",
"vendor": "Forma",
"versions": [
{
"lessThanOrEqual": "3.1.0",
"status": "affected",
"version": "3.0.1",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Tin Pham aka \u0027TF1T\u0027"
}
],
"datePublic": "2022-10-25T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "There is a vulnerability on Forma LMS version 3.1.0 and earlier that could allow an authenticated attacker (with the role of student) to privilege escalate in order to upload a Zip file through the plugin upload component. The exploitation of this vulnerability could lead to a remote code injection."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.9,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-434",
"description": "CWE-434: unrestricted upload of file with dangerous type",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-10-31T00:00:00.000Z",
"orgId": "0cbda920-cd7f-484a-8e76-bf7f4b7f4516",
"shortName": "INCIBE"
},
"references": [
{
"url": "https://www.incibe-cert.es/en/early-warning/security-advisories/multiple-vulnerabilities-forma-lms"
}
],
"source": {
"advisory": "INCIBE-2022-0982",
"defect": [
"INC-2022-00051"
],
"discovery": "EXTERNAL"
},
"title": "Unrestricted Upload of File with Dangerous Type in Forma LMS",
"x_generator": {
"engine": "Vulnogram 0.0.9"
}
}
},
"cveMetadata": {
"assignerOrgId": "0cbda920-cd7f-484a-8e76-bf7f4b7f4516",
"assignerShortName": "INCIBE",
"cveId": "CVE-2022-42925",
"datePublished": "2022-10-31T19:58:45.089Z",
"dateReserved": "2022-10-14T00:00:00.000Z",
"dateUpdated": "2025-05-06T19:44:17.503Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-42923 (GCVE-0-2022-42923)
Vulnerability from cvelistv5 – Published: 2022-10-31 19:58 – Updated: 2025-05-06 19:29
VLAI?
Title
SQL injection in Forma LMS
Summary
Forma LMS on its 3.1.0 version and earlier is vulnerable to a SQL injection vulnerability. The exploitation of this vulnerability could allow an authenticated attacker (with the role of student) to perform a SQL injection on the 'id' parameter in the 'appCore/index.php?r=adm/mediagallery/delete' function in order to dump the entire database or delete all contents from the 'core_user_file' table.
Severity ?
8.3 (High)
CWE
- CWE-89 - improper neutralization of special elements used in an SQL command (SQL injection)
Assigner
References
Credits
Tin Pham aka 'TF1T'
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T13:19:05.495Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.incibe-cert.es/en/early-warning/security-advisories/multiple-vulnerabilities-forma-lms"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-42923",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-06T19:28:48.050884Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-06T19:29:09.034Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Forma LMS",
"vendor": "Forma",
"versions": [
{
"lessThanOrEqual": "3.1.0",
"status": "affected",
"version": "3.0.1",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Tin Pham aka \u0027TF1T\u0027"
}
],
"datePublic": "2022-10-25T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Forma LMS on its 3.1.0 version and earlier is vulnerable to a SQL injection vulnerability. The exploitation of this vulnerability could allow an authenticated attacker (with the role of student) to perform a SQL injection on the \u0027id\u0027 parameter in the \u0027appCore/index.php?r=adm/mediagallery/delete\u0027 function in order to dump the entire database or delete all contents from the \u0027core_user_file\u0027 table."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 8.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "CWE-89: improper neutralization of special elements used in an SQL command (SQL injection)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-10-31T00:00:00.000Z",
"orgId": "0cbda920-cd7f-484a-8e76-bf7f4b7f4516",
"shortName": "INCIBE"
},
"references": [
{
"url": "https://www.incibe-cert.es/en/early-warning/security-advisories/multiple-vulnerabilities-forma-lms"
}
],
"source": {
"advisory": "INCIBE-2022-0982",
"defect": [
"INC-2022-00051"
],
"discovery": "EXTERNAL"
},
"title": "SQL injection in Forma LMS",
"x_generator": {
"engine": "Vulnogram 0.0.9"
}
}
},
"cveMetadata": {
"assignerOrgId": "0cbda920-cd7f-484a-8e76-bf7f4b7f4516",
"assignerShortName": "INCIBE",
"cveId": "CVE-2022-42923",
"datePublished": "2022-10-31T19:58:22.373Z",
"dateReserved": "2022-10-14T00:00:00.000Z",
"dateUpdated": "2025-05-06T19:29:09.034Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}