3 matches found
CVE-2018-25019
The LearnDash LMS WordPress plugin before 2.5.4 does not have any authorisation and validation of the file to be uploaded in the learndashassignmentprocessinit function, which could allow unauthenticated users to upload arbitrary files to the web server...
CVE-2018-25019 LearnDash < 2.5.4 - Unauthenticated Arbitrary File Upload
The LearnDash LMS WordPress plugin before 2.5.4 does not have any authorisation and validation of the file to be uploaded in the learndashassignmentprocessinit function, which could allow unauthenticated users to upload arbitrary files to the web server...
CVE-2018-25019
CVE-2018-25019 affects the LearnDash LMS WordPress plugin (versions before 2.5.4). The root cause is lack of authorization/validation for uploaded files in learndash_assignment_process_init(), enabling unauthenticated users to upload arbitrary files to the web server. Impact is arbitrary file upl...