GHSA-gf8c-xmwj-whrhCritical

SP LMS (com_splms) < 4.1.4 by JoomShaper deserializes user-controlled cookie data without...

Published
June 20, 2026
Last Modified
June 20, 2026

🔗 CVE IDs covered (1)

📋 Description

SP LMS (com_splms) < 4.1.4 by JoomShaper deserializes user-controlled cookie data without validation, enabling an unauthenticated remote attacker to execute arbitrary code on the server.

🔗 References (3)