CVE-2019-5111
CVE-2019-5111
Vexday Risk Score
21Baixo
Decisão SSVC (CISA)
Track
Sem sinal de exploração → monitorar
CVSS 7.4EPSS 1.4%KEV nãoPoC —Nuclei —Metasploit —Patch —
Ciclo de vida
03 dez 2019Publicada no NVD
Recomendação: Monitorar — sem sinal de exploração no momento.
Exploitable SQL injection vulnerability exists in the authenticated portion of Forma LMS 2.2.1. The /appLms/ajax.server.php URL and parameter filter_cat was confirmed to suffer from SQL injections and could be exploited by authenticated attackers. An attacker can send a web request with parameters containing SQL injection attacks to trigger this vulnerability, potentially allowing exfiltration of the database, user credentials and, in certain configurations, access the underlying operating system.
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L
Produtos afetados
n/a · FormaQuer saber se a sua infraestrutura está exposta a isto?
Falar com a TrueHacking →