PT-2023-28593 · Unknown · Frappe Lms

Muztahidul Islam Tanim · Published 2023-09-21 · Updated 2025-10-03 · CVE-2023-42807

CVSS v3.1: 6.3 Medium
Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L

Name of the Vulnerable Software and Affected Versions

Frappe LMS versions 1.0.0 and prior

Description

Frappe LMS is an open source learning management system. The issue is related to an SQL Injection vulnerability on the People Page of LMS. The vulnerability has been fixed in the main branch.

Recommendations

For versions 1.0.0 and prior, update to the latest main branch to resolve the issue. As a temporary workaround, consider restricting access to the People Page of LMS until the update is applied.

Exploit

Fix

SQL injection

Weakness Enumeration

Related Identifiers

CVE-2023-42807
GHSA-WVQ3-3WVP-6X63

Affected Products

Frappe Lms