Vulnerabilities > Formalms > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-10-31 | CVE-2022-41681 | Unrestricted Upload of File with Dangerous Type vulnerability in Formalms There is a vulnerability on Forma LMS version 3.1.0 and earlier that could allow an authenticated attacker (with the role of student) to privilege escalate in order to upload a Zip file through the SCORM importer feature. | 8.8 |
| 2022-10-31 | CVE-2022-42923 | SQL Injection vulnerability in Formalms Forma LMS on its 3.1.0 version and earlier is vulnerable to a SQL injection vulnerability. | 8.8 |
| 2022-10-31 | CVE-2022-42925 | Unrestricted Upload of File with Dangerous Type vulnerability in Formalms There is a vulnerability on Forma LMS version 3.1.0 and earlier that could allow an authenticated attacker (with the role of student) to privilege escalate in order to upload a Zip file through the plugin upload component. | 8.8 |
| 2020-10-08 | CVE-2020-26802 | Cross-Site Request Forgery (CSRF) vulnerability in Formalms 2.3.0.2 forma.lms 2.3.0.2 is affected by Cross Site Request Forgery (CSRF) in formalms/appCore/index.php?r=lms/profile/show&ap=saveinfo via a GET request to change the admin email address in order to accomplish an account takeover. | 8.8 |
| 2019-12-03 | CVE-2019-5112 | SQL Injection vulnerability in Formalms 2.2.1 Exploitable SQL injection vulnerability exists in the authenticated portion of Forma LMS 2.2.1. | 8.8 |
| 2019-12-03 | CVE-2019-5111 | SQL Injection vulnerability in Formalms 2.2.1 Exploitable SQL injection vulnerability exists in the authenticated portion of Forma LMS 2.2.1. | 8.8 |
| 2019-12-03 | CVE-2019-5110 | SQL Injection vulnerability in Formalms 2.2.1 Exploitable SQL injection vulnerabilities exist in the authenticated portion of Forma LMS 2.2.1. | 8.8 |
| 2019-12-03 | CVE-2019-5109 | SQL Injection vulnerability in Formalms 2.2.1 Exploitable SQL injection vulnerabilities exists in the authenticated portion of Forma LMS 2.2.1. | 8.8 |