Unrated severityNVD Advisory· Published Sep 21, 2023· Updated Sep 24, 2024

Frappe LMS SQL Injection Issue on People Page

CVE-2023-42807

Description

Frappe LMS is an open source learning management system. In versions 1.0.0 and prior, on the People Page of LMS, there was an SQL Injection vulnerability. The issue has been fixed in the main branch. Users won't face this issue if they are using the latest main branch of the app.

Affected products

Frappe/Lmsv5
Range: <= 1.0

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

github.com/frappe/lms/security/advisories/GHSA-wvq3-3wvp-6x63mitrex_refsource_CONFIRM

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000