Vulnerabilities > Formalms > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-10-31 | CVE-2022-41681 | Unrestricted Upload of File with Dangerous Type vulnerability in Formalms There is a vulnerability on Forma LMS version 3.1.0 and earlier that could allow an authenticated attacker (with the role of student) to privilege escalate in order to upload a Zip file through the SCORM importer feature. | 8.8 |
| 2022-10-31 | CVE-2022-42923 | SQL Injection vulnerability in Formalms Forma LMS on its 3.1.0 version and earlier is vulnerable to a SQL injection vulnerability. | 8.8 |
| 2022-10-31 | CVE-2022-42925 | Unrestricted Upload of File with Dangerous Type vulnerability in Formalms There is a vulnerability on Forma LMS version 3.1.0 and earlier that could allow an authenticated attacker (with the role of student) to privilege escalate in order to upload a Zip file through the plugin upload component. | 8.8 |
| 2022-04-19 | CVE-2022-27104 | SQL Injection vulnerability in Formalms An Unauthenticated time-based blind SQL injection vulnerability exists in Forma LMS prior to v.1.4.3. | 7.5 |