Forma LMS - CVE CyberSecurity Database News

CVE-2022-41679 - Exploiting an XSS Vulnerability in Forma LMS via the "back_url" Parameter

Oct 31, 2022 XSS Exploit PHP Forma Forma LMS

CVE-2022-41679 - Exploiting an XSS Vulnerability in Forma LMS via the "back_url" Parameter

Forma LMS is a popular open-source Learning Management System used by organizations worldwide to deliver online courses. Unfortunately, up to version 3.1., Forma LMS

Oct 31, 2022 PHP Forma Forma LMS

CVE-2022-42925 - How Forma LMS Student Uploads Can Become a Remote Code Injection Nightmare

CVE-2022-42925 is a critical vulnerability that affects Forma LMS (Learning Management System) software, version 3.1. and earlier. At first glance, it may sound like

Oct 31, 2022 Exploit PHP Forma Forma LMS

CVE-2022-41681 - Privilege Escalation & Remote Code Injection via SCORM Import in Forma LMS <= 3.1.

Forma LMS is a popular open-source Learning Management System used by educational institutions and organizations worldwide. On October 2022, a security flaw was discovered in

Oct 31, 2022 Exploit SQL PHP Forma Forma LMS

CVE-2022-41680 - SQL Injection in Forma LMS 3.1. and Earlier—How a Simple Student Account Could Dump Your Entire Database

If your organization is using Forma LMS version 3.1. or below, you are exposed to a critical database vulnerability. This post will walk you