CVE-2019-5111

CVE-2019-5111

Exploitable SQL injection vulnerability exists in the authenticated portion of Forma LMS 2.2.1. The /appLms/ajax.server.php URL and parameter filter_cat was confirmed to suffer from SQL injections and could be exploited by authenticated attackers. An attacker can send a web request with parameters containing SQL injection attacks to trigger this vulnerability, potentially allowing exfiltration of the database, user credentials and, in certain configurations, access the underlying operating system.

Source: CVE-2019-5111

답글 남기기

이메일 주소는 공개되지 않습니다. 필수 필드는 *로 표시됩니다