GCVE - cpe:2.3:a:creativeitem:academy_lms:*:*:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:creativeitem:academy_lms:*:*:*:*:*:*:*:*

part: a version: * update: *

Vendor	Creativeitem (`3eda3dd0-95df-519c-b7c3-66479e67a88a`)
Product	Academy Lms (`b576c05b-fa50-5ee5-af14-a764014dedb6`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from gcve-enriched-dumps CVE data

PURL mappings

PURL	Source	Last updated
No PURL mappings for this CPE yet.

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2025-56749`	vulnerable	2026-06-08 07:33:15.693369	Details available Creativeitem Academy LMS up to and including 6.14 uses a hardcoded default JWT secret for token signing. This predictable secret allows attackers to forge valid JWT tokens, leading to authentication bypass and unauthorized access to any user account. Published: 2025-10-15T00:00:00.000Z Updated: 2025-10-15T17:37:38.852Z Open on db.gcve.eu Reference links https://suryadina.com/academy-lms-jwt-secret-7k9m2x4p8q/	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2025-56748`	vulnerable	2026-06-08 07:33:15.692950	Details available Creativeitem Academy LMS up to and including 5.13 uses predictable password reset tokens based on Base64 encoded templates without rate limiting, allowing brute force attacks to guess valid reset tokens and compromise user accounts. Published: 2025-10-15T00:00:00.000Z Updated: 2025-10-15T17:51:37.809Z Open on db.gcve.eu Reference links https://suryadina.com/academy-lms-reset-bruteforce-5q8w2e7t9y/	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2025-56747`	vulnerable	2026-06-08 07:33:15.692613	Details available Creativeitem Academy LMS up to and including 5.13 contains a privilege escalation vulnerability in the Api_instructor controller where regular authenticated users can access instructor-only functions without proper role validation, allowing unauthorized course creation and management. Published: 2025-10-14T00:00:00.000Z Updated: 2025-10-14T15:57:08.378Z Open on db.gcve.eu Reference links https://suryadina.com/academy-lms-instructor-escalation-3n7b9f2w5k	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2025-56746`	vulnerable	2026-06-08 07:33:15.692184	Details available Creativeitem Academy LMS up to and including 5.13 does not regenerate session IDs upon successful authentication, enabling session fixation attacks where attackers can hijack user sessions by predetermining session identifiers. Published: 2025-10-15T00:00:00.000Z Updated: 2025-10-15T15:36:11.922Z Open on db.gcve.eu Reference links https://suryadina.com/academy-lms-session-fixation-1t8v5n3q6h/	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2023-53876`	vulnerable	2026-06-08 06:19:39.888429	Academy LMS 6.1 Arbitrary File Upload Vulnerability via Profile Settings Academy LMS 6.1 contains a file upload vulnerability that allows authenticated users to upload malicious SVG files with stored cross-site scripting payloads. Attackers can inject malicious scripts through the profile avatar upload feature by modifying file extensions and embedding executable JavaScript code. Published: 2025-12-15T20:28:17.234Z Updated: 2026-04-07T14:07:02.883Z Open on db.gcve.eu Reference links https://www.exploit-db.com/exploits/51702 https://academylms.net/ https://www.vulncheck.com/advisories/academy-lms-arbitrary-file-upload-vulnerability-via-profile-settings	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2023-3752`	vulnerable	2026-06-08 06:09:40.422325	Creativeitem Academy LMS courses cross site scripting LOW (3.5) A vulnerability was found in Creativeitem Academy LMS 5.15. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /home/courses. The manipulation of the argument sort_by leads to cross site scripting. The attack may be launched remotely. VDB-234422 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. Published: 2023-07-19T01:31:03.400Z Updated: 2024-08-02T07:01:57.592Z Open on db.gcve.eu Reference links https://vuldb.com/?id.234422 https://vuldb.com/?ctiid.234422	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2022-47132`	vulnerable	2026-06-08 05:50:39.871961	Details available A Cross-Site Request Forgery (CSRF) in Academy LMS before v5.10 allows attackers to arbitrarily add Administrator users. Published: 2023-02-03T00:00:00.000Z Updated: 2024-08-03T14:47:28.559Z Open on db.gcve.eu Reference links https://portswigger.net/web-security/csrf https://www.linkedin.com/in/xvinicius/ https://xpsec.co/blog/academy-lms-5-10-add-admin-csrf	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2022-47131`	vulnerable	2026-06-08 05:50:39.871697	Details available A Cross-Site Request Forgery (CSRF) in Academy LMS before v5.10 allows an attacker to arbitrarily create a page. Published: 2023-02-03T00:00:00.000Z Updated: 2025-03-26T15:38:43.991Z Open on db.gcve.eu Reference links https://portswigger.net/web-security/csrf https://www.linkedin.com/in/xvinicius/ https://portswigger.net/web-security/csrf/xss-vs-csrf https://blog.hackingforce.com.br/en/xss https://xpsec.co/blog/academy-lms-5-10-add-page-csrf-xss	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2022-47130`	vulnerable	2026-06-08 05:50:39.871174	Details available A Cross-Site Request Forgery (CSRF) in Academy LMS before v5.10 allows a discount coupon to be arbitrarily created if an attacker with administrative privileges interacts on the CSRF page. Published: 2023-02-03T00:00:00.000Z Updated: 2025-03-26T15:40:02.925Z Open on db.gcve.eu Reference links https://portswigger.net/web-security/csrf https://www.linkedin.com/in/xvinicius/ https://xpsec.co/blog/academy-lms-5-10-coupon-csrf	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.