CVSS 3.1 Score 9.8 of 10 (high)


Published Sep 21, 2023
Updated: Sep 25, 2023


CVE-2023-42807 is an SQL Injection vulnerability found in Frappe LMS, an open source learning management system. The vulnerability exists in versions 1.0.0 and earlier, specifically on the People Page of LMS. The issue has been fixed in the 'main' branch, so users are advised to update to the latest version to avoid this vulnerability. The vulnerability has a base severity rating of CRITICAL and a base score of 9.8 according to the NVD, indicating a significant potential danger to organizations using affected versions of Frappe LMS.

Explore Beyond the CVE Basics with Recorded Future's Vulnerability Intelligence

Note: This is just a basic overview providing quick insights into CVE-2023-42807 information. Gain full access to comprehensive CVE data, risk scores, prioritization, and mitigation data through Recorded Future's Vulnerability Intelligence:
  • Prioritize with Risk-Based Scoring
  • Explore the Extensive Vulnerability Database
  • Receive Early Alerts on Emerging CVEs
  • Focus on Critical Exploitable Vulnerabilities
  • Streamline Remediation with Integration Options