PT-2023-28593 · Unknown · Frappe Lms

Muztahidul Islam Tanim

Published: 2023-09-21 · Updated: 2025-10-03 · CVE-2023-42807

CVSS v3.1: 6.3 (Medium)

Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L

Name of the Vulnerable Software and Affected Versions

Frappe LMS versions 1.0.0 and prior

Description

Frappe LMS is an open source learning management system. The issue is related to an SQL Injection vulnerability on the People Page of LMS. The vulnerability has been fixed in the main branch.

Recommendations

For versions 1.0.0 and prior, update to the latest main branch to resolve the issue. As a temporary workaround, consider restricting access to the People Page of LMS until the update is applied.

Exploit

Fix

SQL injection

Weakness Enumeration

Related Identifiers

CVE-2023-42807
GHSA-WVQ3-3WVP-6X63

Affected Products

Frappe Lms