CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1CVE-2019-5110
https://notcve.org/view.php?id=CVE-2019-5110
03 Dec 2019 — Exploitable SQL injection vulnerabilities exist in the authenticated portion of Forma LMS 2.2.1. Specially crafted web requests can cause SQL injections. An attacker can send a web request with parameters containing SQL injection attacks to trigger this vulnerability, potentially allowing exfiltration of the database, user credentials and, in certain configurations, access the underlying operating system. Se presentan vulnerabilidades de inyección SQL explotables en la parte autenticada de Forma LMS versión... • https://talosintelligence.com/vulnerability_reports/TALOS-2019-0903 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1CVE-2019-5109
https://notcve.org/view.php?id=CVE-2019-5109
03 Dec 2019 — Exploitable SQL injection vulnerabilities exists in the authenticated portion of Forma LMS 2.2.1. Specially crafted web requests can cause SQL injections. An attacker can send a web request with parameters containing SQL injection attacks to trigger this vulnerability, potentially allowing exfiltration of the database, user credentials and, in certain configurations, access the underlying operating system. Se presentan vulnerabilidades de inyección SQL explotables en la parte autenticada de Forma LMS versió... • https://talosintelligence.com/vulnerability_reports/TALOS-2019-0902 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1CVE-2019-5112
https://notcve.org/view.php?id=CVE-2019-5112
03 Dec 2019 — Exploitable SQL injection vulnerability exists in the authenticated portion of Forma LMS 2.2.1. The /appLms/ajax.server.php URL and parameter filter_status was confirmed to suffer from SQL injections and could be exploited by authenticated attackers. An attacker can send a web request with parameters containing SQL injection attacks to trigger this vulnerability, potentially allowing exfiltration of the database, user credentials and, in certain configurations, access the underlying operating system. Se pre... • https://talosintelligence.com/vulnerability_reports/TALOS-2019-0904 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1CVE-2019-5111
https://notcve.org/view.php?id=CVE-2019-5111
03 Dec 2019 — Exploitable SQL injection vulnerability exists in the authenticated portion of Forma LMS 2.2.1. The /appLms/ajax.server.php URL and parameter filter_cat was confirmed to suffer from SQL injections and could be exploited by authenticated attackers. An attacker can send a web request with parameters containing SQL injection attacks to trigger this vulnerability, potentially allowing exfiltration of the database, user credentials and, in certain configurations, access the underlying operating system. Se presen... • https://talosintelligence.com/vulnerability_reports/TALOS-2019-0904 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 4CVE-2014-5257 – Forma Lms 1.2.1 Cross Site Scripting
https://notcve.org/view.php?id=CVE-2014-5257
05 Nov 2014 — Multiple cross-site scripting (XSS) vulnerabilities in Forma Lms before 1.2.1 p01 allow remote attackers to inject arbitrary web script or HTML via the (1) id_custom parameter in an amanmenu request or (2) id_game parameter in an alms/games/edit request to appCore/index.php. Múltiples vulnerabilidades de XSS en Forma Lms anterior a 1.2.1 p01 permiten a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través de el parámetro (1) id_custom en una solicitud amanmenu o (2) id_game en un... • https://packetstorm.news/files/id/128978 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •