CRITICAL
Fernus Informatics
CVE published 2023-04-04
CVE-2023-1728
CVE-2023-1728 is a critical vulnerability in Fernus Learning Management Systems (LMS) involving unrestricted upload of a file with a dangerous type. The issue can lead to OS command injection and Server Side Include (SSI) injection, and the CVSS v3.1 score is 9.8 (critical). NVD lists affected Fernus LMS versions as those before 23.04.03. Because the flaw is network exploitable, requires no privileges, an [truncated]