CVE-2019-5110

Name of the Vulnerable Software and Affected Versions Forma LMS version 2.2.1

Description Exploitable SQL injection vulnerabilities exist in the authenticated portion of the software. Specially crafted web requests can cause SQL injections, allowing an attacker to send a web request with parameters containing SQL injection attacks. This could potentially allow exfiltration of the database, user credentials, and in certain configurations, access to the underlying operating system.

Recommendations For Forma LMS version 2.2.1, update to a version that includes a fix for the SQL injection vulnerability. As a temporary workaround, consider restricting access to the authenticated portion of the software to minimize the risk of exploitation. Avoid using parameters that can contain SQL injection attacks in web requests until the issue is resolved.