WordPress Plugin Tutor LMS SQL Injection Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. WordPress Plugin Tutor LMS - eLearning and...

The vulnerability of the Tutor LMS plugin for the WordPress content management system allows a hacker to execute arbitrary code.

The vulnerability of the Tutor LMS plugin for the WordPress content management system is related to the lack of protective measures for the SQL query structure. Exploiting this vulnerability allows a malicious actor to execute arbitrary code remotely...

CVE-2023-45867

ILIAS 2013-09-12 release contains a medium-criticality Directory Traversal local file inclusion vulnerability in the ScormAicc module. An attacker with a privileged account, typically holding the tutor role, can exploit this to gain unauthorized access to and potentially retrieve confidential fil...

CVE-2023-45867

ILIAS 2013-09-12 release contains a medium-criticality Directory Traversal local file inclusion vulnerability in the ScormAicc module. An attacker with a privileged account, typically holding the tutor role, can exploit this to gain unauthorized access to and potentially retrieve confidential fil...

Directory traversal

ILIAS 2013-09-12 release contains a medium-criticality Directory Traversal local file inclusion vulnerability in the ScormAicc module. An attacker with a privileged account, typically holding the tutor role, can exploit this to gain unauthorized access to and potentially retrieve confidential fil...

WordPress Tutor LMS Plugin < 2.3.0 is vulnerable to Cross Site Scripting (XSS)

Software Tutor LMS Type Plugin Vulnerable versions 2.3.0 Fixed in 2.3.0 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-4805 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID 74daed2fad19 Credits emad-fazel Required...

CVE-2023-4805

The Tutor LMS WordPress plugin before 2.3.0 does not sanitise and escape some of its settings, which could allow users such as subscriber to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

Cross site scripting

The Tutor LMS WordPress plugin before 2.3.0 does not sanitise and escape some of its settings, which could allow users such as subscriber to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

CVE-2023-4805

Tutor LMS WordPress plugin prior to version 2.3.0 is susceptible to Stored Cross-Site Scripting due to insufficient sanitization/escaping of certain settings. The vulnerability allows a user with Subscriber privileges (e.g., in multisite) to inject scripts even when unfiltered_html is disallowed....

CVE-2023-4805 Tutor LMS < 2.3.0 - Subscriber+ Stored Cross-Site Scripting

The Tutor LMS WordPress plugin before 2.3.0 does not sanitise and escape some of its settings, which could allow users such as subscriber to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

WordPress plugin Tutor LMS cross-site scripting vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin that supports personal blog sites on servers running PHP and MySQL. A cross-site scripting vulnerability exists...

PT-2023-6718 · Ilias · Ilias

Name of the Vulnerable Software and Affected Versions: ILIAS version 2013-09-12 Description: The issue is a medium-criticality Directory Traversal local file inclusion vulnerability in the ScormAicc module. An attacker with a privileged account, typically holding the tutor role, can exploit this ...

Tutor LMS < 2.3.0 - Subscriber+ Stored Cross-Site Scripting

Description The plugin does not sanitise and escape some of its settings, which could allow users such as subscriber to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup PoC 1. Register a student account and go to the...

Tutor LMS < 2.3.0 - Subscriber+ Stored Cross-Site Scripting

Description The plugin does not sanitise and escape some of its settings, which could allow users such as subscriber to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup 1. Register a student account and go to the...

CVE-2023-4974

A vulnerability was found in Academy LMS 6.2. It has been rated as critical. Affected by this issue is some unknown functionality of the file /academy/tutor/filter of the component GET Parameter Handler. The manipulation of the argument pricemin/pricemax leads to sql injection. The attack may be...

CVE-2023-4973

A vulnerability was found in Academy LMS 6.2 on Windows. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /academy/tutor/filter of the component GET Parameter Handler. The manipulation of the argument...

Creative Item Academy LMS SQL Injection Vulnerability

Creative Item Academy LMS is an online course-based learning management system from Creative Item, Inc. An SQL injection vulnerability exists in Creative Item Academy LMS version 6.2 Windows, which stems from the presence of an unknown function in /academy/tutor/filter in the component GET...

Creative Item Academy LMS Cross-Site Scripting Vulnerability

Creative Item Academy LMS is an online course-based learning management system from Creative Item, Inc. A cross-site scripting vulnerability exists in Creative Item Academy LMS version 6.2 Windows, which stems from the presence of unknown functions in /academy/tutor/filter in the component GET...

CVE-2023-3133

The Tutor LMS WordPress plugin before 2.2.1 does not implement adequate permission checks for REST API endpoints, allowing unauthenticated attackers to access information from Lessons that should not be publicly available...

CVE-2023-3133

The Tutor LMS WordPress plugin before 2.2.1 does not implement adequate permission checks for REST API endpoints, allowing unauthenticated attackers to access information from Lessons that should not be publicly available...