← Volver a CVEs
CVE-2021-24181
MEDIUM6.5
Descripcion
The tutor_mark_answer_as_correct AJAX action from the Tutor LMS – eLearning and online course solution WordPress plugin before 1.7.7 was vulnerable to blind and time based SQL injections that could be exploited by students.
Detalles CVE
Puntuacion CVSS v3.16.5
SeveridadMEDIUM
Vector CVSSCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Vector de ataqueNETWORK
ComplejidadLOW
Privilegios requeridosLOW
Interaccion usuarioNONE
Publicado4/5/2021
Ultima modificacion11/21/2024
Fuentenvd
Avistamientos honeypot0
Productos afectados
themeum:tutor_lms
Debilidades (CWE)
CWE-89CWE-89
Referencias
https://wpscan.com/vulnerability/d5a00322-7098-4f8d-8e5e-157b63449c17(contact@wpscan.com)
https://www.wordfence.com/blog/2021/03/several-vulnerabilities-patched-in-tutor-lms-plugin/(contact@wpscan.com)
https://wpscan.com/vulnerability/d5a00322-7098-4f8d-8e5e-157b63449c17(af854a3a-2127-422b-91ae-364da2661108)
https://www.wordfence.com/blog/2021/03/several-vulnerabilities-patched-in-tutor-lms-plugin/(af854a3a-2127-422b-91ae-364da2661108)
Correlaciones IOC
Sin correlaciones registradas
This product uses data from the NVD API but is not endorsed or certified by the NVD.