Security Advisory

CVE-2020-26802

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2020-10-08 16:38:49

Last updated 2024-08-04 16:03:22

Assigner mitre

State PUBLISHED

Description

forma.lms 2.3.0.2 is affected by Cross Site Request Forgery (CSRF) in formalms/appCore/index.php?r=lms/profile/show&ap=saveinfo via a GET request to change the admin email address in order to accomplish an account takeover.

← Browse all CVEs View on cve.org ↗