Vulnerability Database

314,432

Total vulnerabilities in the database

CVE-2023-42807

Frappe LMS is an open source learning management system. In versions 1.0.0 and prior, on the People Page of LMS, there was an SQL Injection vulnerability. The issue has been fixed in the main branch. Users won't face this issue if they are using the latest main branch of the app.

Published: Sep 21, 2023
Updated: Nov 16, 2025
CVE: CVE-2023-42807
Severity: Medium
Exploit:

CVSS v3:

Severity: Medium
Score: 6.3
AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L

CWEs:

CWE-89

OWASP TOP 10:

A1 - Injection

Affected Software
References

Software	From	Fixed in
frappe / learning	-	1.0.0.x

https://github.com/frappe/lms/security/advisories/GHSA-wvq3-3wvp-6x63

Deep Security Visibility Without the Complexity

SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.

No setup fees
5-min deployment
Cancel anytime

Book a Demo