
forma.lms <= 2.2.1 Multiple SQL Injection Vulnerabilities
CVE-2019-5109, CVE-2019-5110, CVE-2019-5111, CVE-2019-5112

Severity
CVSSv3 Score
8.8
Vulnerability description

Forma Learning Management System is prone to multiple SQL injection vulnerabilities.

Risk description

Multiple SQL injection vulnerabilities exist in the authenticated portion of Forma LMS 2.2.1. Specially crafted web requests can cause SQL injections. An attacker can send a web request with parameters containing SQL injection attacks to trigger this vulnerability, potentially allowing exfiltration of the database and user credentials and, in certain configurations, access to the underlying operating system.

Recommendation

Update to version 2.3 or later.

Codename: Not available
Detectable with: Network Scanner
Scan engine: OpenVAS
Exploitable with Sniper: No
CVE Published: Dec 3, 2019
Detection added at:
Software Type: Not available
Vendor: Not available
Product: Not available