VYPR
Critical severity9.9NVD Advisory· Published Oct 31, 2022· Updated Jun 17, 2026

CVE-2022-42925

CVE-2022-42925

Description

There is a vulnerability on Forma LMS version 3.1.0 and earlier that could allow an authenticated attacker (with the role of student) to privilege escalate in order to upload a Zip file through the plugin upload component. The exploitation of this vulnerability could lead to a remote code injection.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • Forma/Formalmsllm-fuzzy2 versions
    <=3.1.0+ 1 more
    • (no CPE)range: <=3.1.0
    • (no CPE)range: 3.0.1

Patches

Vulnerability mechanics

References

1

News mentions

0

No linked articles in our index yet.