SQL Injection in Frappe LMS

CVE-2023-42807

Frappe LMS is an open source learning management system. In versions 1.0.0 and prior, on the People Page of LMS, there was an SQL Injection vulnerability. The issue has been fixed in the `main` branch. Users won't face this issue if they a…

Vulnerability class: SQL Injection

EPSS: 0.000 (14.0th percentile)

CVSS v3 metric

CVSS v3 base score 6.3 (Medium). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L.

Frequently asked questions

What is CVE-2023-42807?
CVE-2023-42807 is a medium-severity vulnerability in Frappe LMS, classified under SQL Injection. CVSS score: 6.3/10. Published 2023-09-21.

How severe is CVE-2023-42807?
Medium severity. CVSS v3 base score is 6.3 out of 10.