PT-2021-15728 · WordPress · Tutor Lms
Chloe Chamberland
·
Published
2021-04-05
·
Updated
2021-04-09
·
CVE-2021-24182
CVSS v3.1
6.5
Medium
| Vector | AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |
Name of the Vulnerable Software and Affected Versions:
Tutor LMS – eLearning and online course solution WordPress plugin versions prior to 1.8.3
Description:
The issue concerns a UNION based SQL injection vulnerability in the tutor quiz builder get answers by question AJAX action. This could potentially be exploited by students.
Recommendations:
For versions prior to 1.8.3, update to version 1.8.3 or later to resolve the issue. As a temporary workaround, consider restricting access to the tutor quiz builder get answers by question AJAX action until the update is applied.
Exploit
Fix
SQL injection
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Tutor Lms