PT-2021-16453 · Unknown · Learning Management System
Published
2021-07-23
·
Updated
2021-07-29
·
CVE-2021-25201
CVSS v3.1
7.5
High
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
Name of the Vulnerable Software and Affected Versions:
Learning Management System version 1.0
Description:
The issue allows remote attackers to execute arbitrary SQL statements through the
id parameter to obtain sensitive database information. This is achieved by exploiting a SQL injection vulnerability.Recommendations:
For Learning Management System version 1.0, avoid using the
id parameter in affected API endpoints until the issue is resolved. As a temporary workaround, consider restricting access to sensitive database information to minimize the risk of exploitation.Exploit
Fix
SQL injection
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Learning Management System