CNNVD-202510-747 Information
CNNVD ID
CNNVD-202510-747
Related CVE
- CNNVD Published: 2025-10-05
Description (Chinese)
Frappe Learning Management System是Frappe开源的一个易于使用的开源学习管理系统。 Frappe Learning Management System 2.35.0版本存在安全漏洞,该漏洞源于未发布课程处理程序组件中文件/courses/的未知函数存在访问控制不当,可能导致远程攻击。
Description (English)
Frappe Learning Management System is an easy-to-use open-source learning management system for Frappe open sources. There is a security loophole in version 2.35.0 of Frappe Learning Management System, which stems from the inappropriate access control of the unknown function of document/courses/in the unpublished course processing component, which may lead to a remote attack.
Hazard Level
Critical
Vulnerability Type
其他
Affected Vendor
Frappe
Published
2025-10-05
Last Modified
2026-02-24
References
https://gist.github.com/0xHamy/5ebd820ad30f33827011e9a614fb2f89 https://gist.github.com/0xHamy/5ebd820ad30f33827011e9a614fb2f89#steps-to-reproduce https://vuldb.com/?ctiid.327015 https://vuldb.com/?id.327015 https://vuldb.com/?submit.659695
Patch
https://github.com/frappe/lms/releases
Share on: