Exploitable SQL injection vulnerabilities exists in the authenticated portion of Forma LMS 2.2.1. Specially crafted web requests can cause SQL injections. An attacker can send a web request with parameters containing SQL injection attacks to trigger this vulnerability, potentially allowing exfiltration of the database, user credentials and, in certain configurations, access the underlying operating system.
References
Link | Resource |
---|---|
https://talosintelligence.com/vulnerability_reports/TALOS-2019-0902 | Exploit Third Party Advisory |
Configurations
History
No history.
Information
Published : 2019-12-03 22:15
Updated : 2024-02-28 17:28
NVD link : CVE-2019-5109
Mitre link : CVE-2019-5109
CVE.ORG link : CVE-2019-5109
JSON object : View
Products Affected
formalms
- formalms
CWE
CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')