PT-2025-51294 · Unknown · Academy Lms
Cracker
·
Published
2025-12-15
·
Updated
2025-12-21
·
CVE-2023-53876
CVSS v3.1
5.4
Medium
| Vector | AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
Academy LMS version 6.1
Description
Academy LMS version 6.1 has a file upload issue. Authenticated users can upload malicious SVG files containing stored cross-site scripting payloads. An attacker can inject malicious scripts through the profile avatar upload feature by changing file extensions and embedding JavaScript code.
Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Exploit
Unrestricted File Upload
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Academy Lms