Unauthenticated SQL Injection Vulnerability in MasterStudy LMS WordPress Plugin
CVE-2024-1512

9.8CRITICAL

Key Information:

Vendor: Wordpress
Status: Masterstudy Lms WordPress Plugin – For Online Courses And Education
Vendor: CVE Published:; 17 February 2024

Badges

👾 Exploit Exists🟡 Public PoC

Summary

A vulnerability exists in the MasterStudy LMS WordPress Plugin for Online Courses and Education, which allows for union based SQL Injection via the 'user' parameter in the /lms/stm-lms/order/items REST route. This flaw originates from inadequate escaping of the user-supplied input and fails to sufficiently prepare the SQL query. As a result, unauthenticated attackers can inject malicious SQL queries that append to existing queries, potentially facilitating the extraction of sensitive information from the database.

Affected Version(s)

MasterStudy LMS WordPress Plugin – for Online Courses and Education * <= 3.2.5

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2024-1512
Created by rat-c

References

https://www.wordfence.com/threat-intel/vulnerabilities/id...

https://plugins.trac.wordpress.org/changeset/3036794/mast...

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

🟡
Public PoC available
Mar 1, 2024
👾
Exploit known to exist
Mar 1, 2024
Vulnerability published
Feb 17, 2024
Vulnerability Reserved
Feb 14, 2024

Credit

Krzysztof Zając