SQL Injection Vulnerability Affects Tutor LMS from n/a through 2.7.2
CVE-2024-43282

7.2HIGH

Key Information:

Vendor: WordPress
Status: Tutor Lms
Vendor: CVE Published:; 18 August 2024

What is CVE-2024-43282?

An SQL Injection vulnerability exists in Themeum's Tutor LMS plugin, which could allow attackers to manipulate SQL queries executed by the application. This flaw affects Tutor LMS versions prior to 2.7.2, potentially enabling unauthorized access to sensitive data within the database. Exploiting this vulnerability could lead to severe security breaches, including data leakage, data corruption, and complete control over the affected system. Organizations using the Tutor LMS plugin should take immediate action to patch this vulnerability to safeguard their databases and user information.

Affected Version(s)

Tutor LMS <= 2.7.2

References

https://patchstack.com/database/vulnerability/tutor/wordp...

vdb-entry

CVSS V3.1

Score:

7.2

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 18, 2024
Vulnerability Reserved
Aug 9, 2024

Credit

justakazh (Patchstack Alliance)

WordPress

What is CVE-2024-43282?

Affected Version(s)

References

CVSS V3.1

Timeline

Credit