5 matches found
CVE-2024-1512
The MasterStudy LMS WordPress Plugin – for Online Courses and Education plugin for WordPress is vulnerable to union based SQL Injection via the 'user' parameter of the /lms/stm-lms/order/items REST route in all versions up to, and including, 3.2.5 due to insufficient escaping on the user supplied...
Exploit for SQL Injection in Stylemixthemes Masterstudy_Lms
CVE-2024-1512 Proof of Concept Vulnerability Overview CVE...
WordPress MasterStudy LMS Plugin <= 3.2.5 is vulnerable to SQL Injection
Software MasterStudy LMS Type Plugin Vulnerable versions = 3.2.5 Fixed in 3.2.6 OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2024-1512 Patch priority High CVSS severity High 9.3 Developer Claim ownership PSID e235479f4753 Credits Krzysztof Zając Required privilege Unauthenticat...
CVE-2024-1512
The MasterStudy LMS WordPress Plugin – for Online Courses and Education plugin for WordPress is vulnerable to union based SQL Injection via the 'user' parameter of the /lms/stm-lms/order/items REST route in all versions up to, and including, 3.2.5 due to insufficient escaping on the user supplied...
CVE-2024-1512
CVE-2024-1512 affects the MasterStudy LMS WordPress Plugin, all versions up to 3.2.5. The root cause is insufficient escaping and lack of proper SQL query preparation on the 'user' parameter of the /lms/stm-lms/order/items REST route, enabling union-based SQL injection. This allows unauthenticate...