CVE-2023-1728
published 2023-04-04CVE-2023-1728: Unrestricted Upload of File with Dangerous Type vulnerability in Fernus Informatics LMS allows OS Command Injection, Server Side Include (SSI) Injection. This…
PriorityP263critical9.8CVSS 3.1
AVNACLPRNUINSUCHIHAH
EPSS
1.42%
69.5th percentile
Unrestricted Upload of File with Dangerous Type vulnerability in Fernus Informatics LMS allows OS Command Injection, Server Side Include (SSI) Injection.
This issue affects LMS: before 23.04.03.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| fernus | learning_management_systems | < 23.04.03 | 23.04.03 |
| fernus_informatics | lms | < 23.04.03 | 23.04.03 |
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2023-04-04
Published