Frappe LMS is an open source learning management system. In versions 1.0.0 and prior, on the People Page of LMS, there was an SQL Injection vulnerability. The issue has been fixed in the `main` branch. Users won't face this issue if they are using the latest main branch of the app.
Fixes

Solution

No solution given by the vendor.


Workaround

No workaround given by the vendor.

History

Fri, 03 Oct 2025 17:45:00 +0000

Type Values Removed Values Added
First Time appeared Frappe learning
CPEs cpe:2.3:a:frappe:frappe_lms:*:*:*:*:*:*:*:* cpe:2.3:a:frappe:learning:*:*:*:*:*:*:*:*
Vendors & Products Frappe frappe Lms
Frappe learning

Tue, 24 Sep 2024 15:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


cve-icon MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2024-09-24T14:50:49.075Z

Reserved: 2023-09-14T16:13:33.307Z

Link: CVE-2023-42807

cve-icon Vulnrichment

Updated: 2024-08-02T19:30:24.171Z

cve-icon NVD

Status : Modified

Published: 2023-09-21T17:15:23.950

Modified: 2025-10-03T17:36:07.843

Link: CVE-2023-42807

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

No data.