EUVD-2022-45981

ID: EUVD-2022-45981

Severity: critical

CVSS v4: Not provided

CVSS v3: 9.9 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H)

CWE: None listed

Source: ENISA

Description

There is a vulnerability on Forma LMS version 3.1.0 and earlier that could allow an authenticated attacker (with the role of student) to privilege escalate in order to upload a Zip file through the plugin upload component. The exploitation of this vulnerability could lead to a remote code injection.

Timestamps

Normalized: 2025-12-31T11:32:26Z UTC
Last updated: 2025-12-31T11:30:40Z UTC

References

No references provided.

VulnAI

EUVD-2022-45981

Description

Timestamps

References