CVE-2022-47131
Published 2023-02-03
CVE-2022-47131: A Cross-Site Request Forgery (CSRF) in Academy LMS before v5.10 allows an attacker to arbitrarily create a page.
Priority: P4 | 16 | medium | 4.8 (CVSS 3.1)
AV:N / AC:L / PR:H / UI:R / S:C / C:L / I:L / A:N
EPSS: 0.41% (32.6th percentile)
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| creativeitem | academy_lms | < 5.10 | 5.10 |
| linux | linux_kernel | >= 0 < 5.4.0-190.210 | 5.4.0-190.210 |
CVSS provenance
nvd | v3.1 | 4.8 MEDIUM | CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
osv | 7.8 HIGH
OSV
linux-aws, linux-aws-5.4 vulnerabilities
osv·2024-07-30·CVSS 7.8
CVE-2022-48655 linux-aws, linux-aws-5.4 vulnerabilities
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- ARM SCMI message protocol;
- InfiniBand drivers;
- TTY drivers;
- TLS protocol;
(CVE-2022-48655, CVE-2024-36016, CVE-2024-26584, CVE-2021-47131,
CVE-2024-26907, CVE-2024-26585, CVE-2024-26583)
OSV
osv·2024-07-29·CVSS 7.8
CVE-2024-26584 linux, linux-azure, linux-azure-5.4, linux-bluefield, linux-gcp, linux-gcp-5.4, linux-gkeop, linux-hwe-5.4, linux-ibm, linux-ibm-5.4, linux-iot, linux-kvm, linux-raspi, linux-xilinx-zynqmp vulnerabili
linux, linux-azure, linux-azure-5.4, linux-bluefield, linux-gcp, linux-gcp-5.4, linux-gkeop, linux-hwe-5.4, linux-ibm, linux-ibm-5.4, linux-iot, linux-kvm, linux-raspi, linux-xilinx-zynqmp vulnerabilities
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- ARM SCMI message protocol;
- InfiniBand drivers;
- TTY drivers;
- TLS protocol;
(CVE-2024-26584, CVE-2024-36016, CVE-2024-26585, CVE-2021-47131,
CVE-2024-26907, CVE-2022-48655, CVE-2024-26583)
GHSA
ghsa_unreviewed·2023-02-03
CVE-2022-47131 [MEDIUM] CWE-352 GHSA-vpjc-3v2r-p99w: A Cross-Site Request Forgery (CSRF) in Academy LMS before v5
A Cross-Site Request Forgery (CSRF) in Academy LMS before v5.10 allows an attacker to arbitrarily create a page.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
- https://blog.hackingforce.com.br/en/xss
- https://portswigger.net/web-security/csrf
- https://portswigger.net/web-security/csrf/xss-vs-csrf
- https://www.linkedin.com/in/xvinicius/
- https://xpsec.co/blog/academy-lms-5-10-add-page-csrf-xss
- https://github.com/OpenXP-Research/CVE-2022-47131
Published: 2023-02-03