← Zuruck zu CVEs
CVE-2023-42807
MEDIUM6.3
Beschreibung
Frappe LMS is an open source learning management system. In versions 1.0.0 and prior, on the People Page of LMS, there was an SQL Injection vulnerability. The issue has been fixed in the `main` branch. Users won't face this issue if they are using the latest main branch of the app.
CVE Details
CVSS v3.1 Bewertung6.3
SchweregradMEDIUM
CVSS VektorCVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
AngriffsvektorNETWORK
KomplexitatLOW
Erforderliche PrivilegienNONE
BenutzerinteraktionREQUIRED
Veroffentlicht9/21/2023
Zuletzt geandert10/3/2025
Quellenvd
Honeypot-Sichtungen0
Betroffene Produkte
frappe:learning
Schwachen (CWE)
CWE-89
Referenzen
https://github.com/frappe/lms/security/advisories/GHSA-wvq3-3wvp-6x63(security-advisories@github.com)
https://github.com/frappe/lms/security/advisories/GHSA-wvq3-3wvp-6x63(af854a3a-2127-422b-91ae-364da2661108)
IOC Korrelationen
Keine Korrelationen erfasst
This product uses data from the NVD API but is not endorsed or certified by the NVD.