Academy LMS
by Academy LMS
CVEs (7)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2022-47132 | Hig | 0.57 | 8.8 | 0.01 | Feb 3, 2023 | A Cross-Site Request Forgery (CSRF) in Academy LMS before v5.10 allows attackers to arbitrarily add Administrator users. | ||
| CVE-2023-4974 | Med | 0.41 | 6.3 | 0.05 | Sep 15, 2023 | A vulnerability was found in Academy LMS 6.2. It has been rated as critical. Affected by this issue is some unknown functionality of the file /academy/tutor/filter of the component GET Parameter Handler. The manipulation of the argument price_min/price_max leads to sql… | ||
| CVE-2023-4119 | Med | 0.31 | 4.3 | 0.02 | Aug 3, 2023 | A vulnerability has been found in Academy LMS 6.0 and classified as problematic. This vulnerability affects unknown code of the file /academy/home/courses. The manipulation of the argument query/sort_by leads to cross site scripting. The attack can be initiated remotely.… | ||
| CVE-2022-47131 | Med | 0.31 | 4.8 | 0.00 | Feb 3, 2023 | A Cross-Site Request Forgery (CSRF) in Academy LMS before v5.10 allows an attacker to arbitrarily create a page. | ||
| CVE-2022-29380 | Med | 0.31 | 4.8 | 0.01 | May 25, 2022 | Academy-LMS v4.3 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the SEO panel. | ||
| CVE-2022-47130 | Med | 0.28 | 4.3 | 0.01 | Feb 3, 2023 | A Cross-Site Request Forgery (CSRF) in Academy LMS before v5.10 allows a discount coupon to be arbitrarily created if an attacker with administrative privileges interacts on the CSRF page. | ||
| CVE-2023-4973 | Low | 0.23 | 3.5 | 0.02 | Sep 15, 2023 | A vulnerability was found in Academy LMS 6.2 on Windows. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /academy/tutor/filter of the component GET Parameter Handler. The manipulation of the argument… |
- risk 0.57cvss 8.8epss 0.01
A Cross-Site Request Forgery (CSRF) in Academy LMS before v5.10 allows attackers to arbitrarily add Administrator users.
- risk 0.41cvss 6.3epss 0.05
A vulnerability was found in Academy LMS 6.2. It has been rated as critical. Affected by this issue is some unknown functionality of the file /academy/tutor/filter of the component GET Parameter Handler. The manipulation of the argument price_min/price_max leads to sql…
- risk 0.31cvss 4.3epss 0.02
A vulnerability has been found in Academy LMS 6.0 and classified as problematic. This vulnerability affects unknown code of the file /academy/home/courses. The manipulation of the argument query/sort_by leads to cross site scripting. The attack can be initiated remotely.…
- risk 0.31cvss 4.8epss 0.00
A Cross-Site Request Forgery (CSRF) in Academy LMS before v5.10 allows an attacker to arbitrarily create a page.
- risk 0.31cvss 4.8epss 0.01
Academy-LMS v4.3 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the SEO panel.
- risk 0.28cvss 4.3epss 0.01
A Cross-Site Request Forgery (CSRF) in Academy LMS before v5.10 allows a discount coupon to be arbitrarily created if an attacker with administrative privileges interacts on the CSRF page.
- risk 0.23cvss 3.5epss 0.02
A vulnerability was found in Academy LMS 6.2 on Windows. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /academy/tutor/filter of the component GET Parameter Handler. The manipulation of the argument…