CVE Tools

formalms

Enterprise Softwarecommercial

11

Cumulative CVEs

3

Monthly snapshots

#94

Peak rank

Top products

Latest CVEs

The 15 most recently published vulnerabilities affecting formalms.

CVE-2026-26744A user enumeration vulnerability exists in FormaLMS 4.1.18 and below in the password recovery functionality accessible via the /lostpwd endpoint. The application returns different error messages fo...5.3Feb 19, 2026
CVE-2020-36960Forma LMS 2.3 - 'First & Last Name' Stored Cross-Site Scripting6.4Jan 26, 2026
CVE-2023-46693Cross Site Scripting (XSS) vulnerability in FormaLMS before 4.0.5 allows attackers to run arbitrary code via title parameters.6.1Dec 7, 2023
CVE-2022-41679Cross-site scripting in Forma LMS version4.7Oct 31, 2022
CVE-2022-42924SQL injection in Forma LMS7.6Oct 31, 2022
CVE-2022-41681File Upload vulnerability in Forma LMS9.9Oct 31, 2022
CVE-2022-41680SQL Injection in Forma LMS7.6Oct 31, 2022
CVE-2022-42925Unrestricted Upload of File with Dangerous Type in Forma LMS9.9Oct 31, 2022
CVE-2022-42923SQL injection in Forma LMS8.3Oct 31, 2022
CVE-2022-27104An Unauthenticated time-based blind SQL injection vulnerability exists in Forma LMS prior to v.1.4.3.9.8Apr 19, 2022
CVE-2021-43136An authentication bypass issue in FormaLMS <= 2.4.4 allows an attacker to bypass the authentication mechanism and obtain a valid access to the platform.9.8Nov 10, 2021
CVE-2020-26802forma.lms 2.3.0.2 is affected by Cross Site Request Forgery (CSRF) in formalms/appCore/index.php?r=lms/profile/show&ap=saveinfo via a GET request to change the admin email address in order to accom...8.8Oct 8, 2020
CVE-2019-5110Exploitable SQL injection vulnerabilities exist in the authenticated portion of Forma LMS 2.2.1. Specially crafted web requests can cause SQL injections. An attacker can send a web request with par...8.8Dec 3, 2019
CVE-2019-5109Exploitable SQL injection vulnerabilities exists in the authenticated portion of Forma LMS 2.2.1. Specially crafted web requests can cause SQL injections. An attacker can send a web request with pa...8.8Dec 3, 2019
CVE-2019-5112Exploitable SQL injection vulnerability exists in the authenticated portion of Forma LMS 2.2.1. The /appLms/ajax.server.php URL and parameter filter_status was confirmed to suffer from SQL injectio...8.8Dec 3, 2019