CVE-2023-42807
MEDIUM 6.3
Description
Frappe LMS is an open source learning management system. In versions 1.0.0 and prior, on the People Page of LMS, there was an SQL Injection vulnerability. The issue has been fixed in the `main` branch. Users won't face this issue if they are using the latest main branch of the app.
CVE Details
CVSS v3.1 Score: 6.3
Severity: MEDIUM
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
Attack Vector: NETWORK
Complexity: LOW
Privileges Required: NONE
User Interaction: REQUIRED
Published: 9/21/2023
Last Modified: 10/3/2025
Source: nvd
Honeypot Sightings: 0
Affected Products
frappe:learning
Weaknesses (CWE)
CWE-89
References
https://github.com/frappe/lms/security/advisories/GHSA-wvq3-3wvp-6x63 (security-advisories@github.com)
https://github.com/frappe/lms/security/advisories/GHSA-wvq3-3wvp-6x63 (af854a3a-2127-422b-91ae-364da2661108)
IOC Correlations
No correlations recorded
This product uses data from the NVD API but is not endorsed or certified by the NVD.