Frappe LMS SQL Injection Issue on People Page
CVE-2023-42807

6.3 MEDIUM

Key Information:

Vendor: Frappe

Status
Vendor
CVE Published: 21 September 2023

What is CVE-2023-42807?

Frappe LMS is an open source learning management system. In versions 1.0.0 and prior, on the People Page of LMS, there was an SQL Injection vulnerability. The issue has been fixed in the main branch. Users won't face this issue if they are using the latest main branch of the app.

Affected Version(s)

lms <= 1.0

References

CVSS V3.1

Score: 6.3
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
