Is Fox Lms affected by CVE-2026-31922?

A high-severity SQL injection vulnerability in Fox LMS versions up to 1.0.6.3 could allow attackers to extract sensitive data from your learning management system database without authentication.

CVE-2026-31922

Q: How to fix CVE-2026-31922?

Within 24 hours: Inventory all systems running Fox LMS and document versions; disable public access to Fox LMS if possible and restrict to VPN/internal networks only. Within 7 days: Contact Ays Pro for patch timeline and interim security updates; implement Web Application Firewall (WAF) rules to block SQL injection patterns in Fox LMS URLs and POST parameters. Within 30 days: Apply vendor patch immediately upon release; conduct database audit for unauthorized access logs during vulnerability window; implement parameterized queries/prepared statements in any custom Fox LMS integrations.

EUVD-2026-11798 HIGH

2026-03-13 Patchstack

8.5

CVSS 3.1

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:L

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Changed

Confidentiality

High

Integrity

None

Availability

Low

Lifecycle Timeline

EUVD ID Assigned

Mar 13, 2026 - 16:57 euvd

EUVD-2026-11798

Analysis Generated

Mar 13, 2026 - 16:57 vuln.today

CVE Published

Mar 13, 2026 - 11:41 nvd

HIGH 8.5

Description

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Ays Pro Fox LMS fox-lms allows Blind SQL Injection.This issue affects Fox LMS: from n/a through <= 1.0.6.3.

Analysis

Fox LMS versions 1.0.6.3 and earlier are vulnerable to blind SQL injection attacks through improper input sanitization, allowing authenticated attackers to execute arbitrary SQL queries and potentially exfiltrate sensitive database information. The vulnerability requires user authentication but can be exploited remotely with no user interaction needed, and carries a high CVSS score of 8.5. …

Remediation

Within 24 hours: Inventory all systems running Fox LMS and document versions; disable public access to Fox LMS if possible and restrict to VPN/internal networks only. Within 7 days: Contact Ays Pro for patch timeline and interim security updates; implement Web Application Firewall (WAF) rules to block SQL injection patterns in Fox LMS URLs and POST parameters. …

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

Priority Score

Low Medium High Critical

KEV: 0

EPSS: +0.0

CVSS: +42

POC: 0

CVE-2026-31922 vulnerability details – vuln.today

Back

CVE-2026-31922

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Remediation

Analysis

Full analysis requires sign-in

Priority Score

Share

CVE-2026-31922

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Remediation

Full analysis requires sign-in

Priority Score

Share

External POC / Exploit Code