Vulnerabilities > CVE-2023-42807 - Unspecified vulnerability in Frappe LMS 1.0.0

CVSS 9.8 - CRITICAL

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

frappe

critical

NVD

Published: 2023-09-21

Updated: 2024-11-21

Summary

Frappe LMS is an open source learning management system. In versions 1.0.0 and prior, on the People Page of LMS, there was an SQL Injection vulnerability. The issue has been fixed in the `main` branch. Users won't face this issue if they are using the latest main branch of the app.

Vulnerable Configurations

Part	Description	Count
Application	Frappe Frappe Frappe LMS 1.0.0	1

References

https://github.com/frappe/lms/security/advisories/GHSA-wvq3-3wvp-6x63
https://github.com/frappe/lms/security/advisories/GHSA-wvq3-3wvp-6x63