VYPR
High severity7.6NVD Advisory· Published Oct 31, 2022· Updated Jun 17, 2026

CVE-2022-42924

CVE-2022-42924

Description

Forma LMS on its 3.1.0 version and earlier is vulnerable to a SQL injection vulnerability. The exploitation of this vulnerability could allow an authenticated attacker (with the role of student) to perform a SQL injection on the 'dyn_filter' parameter in the 'appLms/ajax.adm_server.php?r=widget/userselector/getusertabledata' function in order to dump the entire database.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • Forma/Formalmsllm-fuzzy2 versions
    <=3.1.0+ 1 more
    • (no CPE)range: <=3.1.0
    • (no CPE)range: 3.0.1

Patches

Vulnerability mechanics

References

1

News mentions

0

No linked articles in our index yet.