The exploit demonstrates multiple SQL injection vulnerabilities in Forma LMS 1.3, including blind time-based and union-based SQLi. It provides specific HTTP POST requests with crafted payloads targeting parameters like 'title' and 'id_source' to extract sensitive data such as user passwords.
Classification: Working PoC 90%
Attack Type: SQLi
Complexity: Moderate
Reliability: Reliable
Target: Forma LMS 1.3
Auth required
Prerequisites: Valid session cookie (docebo_session) · Access to vulnerable endpoints