CVE-2023-42807

MEDIUM

Frappe LMS < 1.0.0 - SQL Injection via People Page

Title source: llm
STIX 2.1

Description

Frappe LMS is an open source learning management system. In versions 1.0.0 and prior, on the People Page of LMS, there was an SQL Injection vulnerability. The issue has been fixed in the `main` branch. Users won't face this issue if they are using the latest main branch of the app.

References (1)

Core 1
Core References

Scores

CVSS v3 6.3
EPSS 0.0035
EPSS Percentile 26.9%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact partial

Details

CWE
CWE-89
Status published
Products (1)
frappe/learning < 1.0.0
Published Sep 21, 2023
Tracked Since Feb 18, 2026