Vulnerabilities > Formalms > Formalms > Critical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-04-19 | CVE-2022-27104 | SQL Injection vulnerability in Formalms An Unauthenticated time-based blind SQL injection vulnerability exists in Forma LMS prior to v.1.4.3. | 9.8 |
| 2021-11-10 | CVE-2021-43136 | Use of Hard-coded Credentials vulnerability in Formalms An authentication bypass issue in FormaLMS <= 2.4.4 allows an attacker to bypass the authentication mechanism and obtain a valid access to the platform. | 9.8 |