3 matches found
CVE-2021-24183
The tutorquizbuildergetquestionform AJAX action from the Tutor LMS – eLearning and online course solution WordPress plugin before 1.8.3 was vulnerable to UNION based SQL injection that could be exploited by students...
CVE-2021-24183 Tutor LMS < 1.8.3 - SQL Injection via tutor_quiz_builder_get_question_form
The tutorquizbuildergetquestionform AJAX action from the Tutor LMS – eLearning and online course solution WordPress plugin before 1.8.3 was vulnerable to UNION based SQL injection that could be exploited by students...
CVE-2021-24183
The CVE concerns the Tutor LMS WordPress plugin (before 1.8.3). The vulnerability is in the tutor_quiz_builder_get_question_form AJAX action, where input handling permits UNION-based SQL injection. This could allow an attacker (e.g., a student) to manipulate queries via the affected endpoint and ...