CVE Catalog

CVE-2026-42730

High
Published: Translated: NVD NIST

Summary

The MasterStudy LMS has a Blind SQL Injection vulnerability due to improper neutralization of special elements used in SQL commands. This issue affects versions from n/a through 3.7.29.

Risk Assessment

An attacker could exploit this vulnerability to gain unauthorized access to database data, potentially leading to serious security breaches.

Recommendation

It is recommended to update the MasterStudy LMS to the latest version to mitigate this vulnerability and implement additional security measures against SQL Injection attacks.

Original NVD description (English source)

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Stylemix MasterStudy LMS masterstudy-lms-learning-management-system allows Blind SQL Injection.This issue affects MasterStudy LMS: from n/a through <= 3.7.29.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS