Vulnerability Details CVE-2021-43136
An authentication bypass issue in FormaLMS <= 2.4.4 allows an attacker to bypass the authentication mechanism and obtain a valid access to the platform.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.47
EPSS Ranking 97.5%
CVSS Severity
CVSS v3 Score 9.8
CVSS v2 Score 6.8
References
- http://packetstormsecurity.com/files/164930/FormaLMS-2.4.4-Authentication-Bypass.html
- https://blog.hacktivesecurity.com
- https://blog.hacktivesecurity.com/index.php/2021/10/05/cve-2021-43136-formalms-the-evil-default-value-that-leads-to-authentication-bypass/
- https://formalms.org
- http://packetstormsecurity.com/files/164930/FormaLMS-2.4.4-Authentication-Bypass.html
- https://blog.hacktivesecurity.com
- https://blog.hacktivesecurity.com/index.php/2021/10/05/cve-2021-43136-formalms-the-evil-default-value-that-leads-to-authentication-bypass/
- https://formalms.org
Products affected by CVE-2021-43136
-
cpe:2.3:a:formalms:formalms:1.0
-
cpe:2.3:a:formalms:formalms:1.00
-
cpe:2.3:a:formalms:formalms:1.1
-
cpe:2.3:a:formalms:formalms:1.2
-
cpe:2.3:a:formalms:formalms:1.2.1
-
cpe:2.3:a:formalms:formalms:1.3
-
cpe:2.3:a:formalms:formalms:1.4
-
cpe:2.3:a:formalms:formalms:1.4.1
-
cpe:2.3:a:formalms:formalms:1.4.2
-
cpe:2.3:a:formalms:formalms:1.4.3
-
cpe:2.3:a:formalms:formalms:2.0
-
cpe:2.3:a:formalms:formalms:2.1
-
cpe:2.3:a:formalms:formalms:2.2.1
-
cpe:2.3:a:formalms:formalms:2.3
-
cpe:2.3:a:formalms:formalms:2.3.0.2
-
cpe:2.3:a:formalms:formalms:2.4
-
cpe:2.3:a:formalms:formalms:2.4.1
-
cpe:2.3:a:formalms:formalms:2.4.2
-
cpe:2.3:a:formalms:formalms:2.4.3
-
cpe:2.3:a:formalms:formalms:2.4.4