Entreprise française de cybersécurité depuis 2004
☎ 03 60 47 09 81 - info@securiteinfo.com
☎ 03 60 47 09 81 - info@securiteinfo.com
&color=brightgreen)
Exploitable SQL injection vulnerabilities exist in the authenticated portion of Forma LMS 2.2.1. Specially crafted web requests can cause SQL injections. An attacker can send a web request with parameters containing SQL injection attacks to trigger this vulnerability, potentially allowing exfiltration of the database, user credentials and, in certain configurations, access the underlying operating system.
- https://talosintelligence.com/vulnerability_reports/TALOS-2019-0903
- https://github.com/AbuHanifSiam/SQLInjection-Testing-on-a-Website
- https://github.com/AbuHanifSiam/SQLi-Injection-Testing-on-a-Website