High severity8.8NVD Advisory· Published Oct 8, 2020· Updated Jun 17, 2026
CVE-2020-26802
CVE-2020-26802
Description
forma.lms 2.3.0.2 is affected by Cross Site Request Forgery (CSRF) in formalms/appCore/index.php?r=lms/profile/show&ap=saveinfo via a GET request to change the admin email address in order to accomplish an account takeover.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- forma.lms/forma.lmsdescription
Patches
Vulnerability mechanics
References
1- www.exploit-db.com/exploits/48494nvdExploitThird Party AdvisoryVDB Entry
News mentions
0No linked articles in our index yet.