CVE-2023-42807

Source
https://cve.org/CVERecord?id=CVE-2023-42807
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-42807.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2023-42807
Aliases
  • GHSA-wvq3-3wvp-6x63
Published
2023-09-21T16:37:49.041Z
Modified
2026-03-14T12:15:05.639255Z
Severity
  • 6.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
Summary
Frappe LMS SQL Injection Issue on People Page
Details

Frappe LMS is an open source learning management system. In versions 1.0.0 and prior, on the People Page of LMS, there was an SQL Injection vulnerability. The issue has been fixed in the main branch. Users won't face this issue if they are using the latest main branch of the app.

Database specific
{
    "cwe_ids": [
        "CWE-89"
    ],
    "cna_assigner": "GitHub_M",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/42xxx/CVE-2023-42807.json"
}
References

Affected packages

Git / github.com/frappe/lms

Affected ranges

Type
GIT
Repo
https://github.com/frappe/lms
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
Database specific
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "1.0"
        }
    ]
}

Affected versions

v1.*
v1.0.0

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-42807.json"