SQL Injection Vulnerability Affects Tutor LMS from n/a through 2.7.2
CVE-2024-43282

7.2HIGH

Key Information:

Vendor: WordPress
Status: Tutor Lms
Vendor: CVE Published:; 18 August 2024

Summary

An SQL Injection vulnerability exists in Themeum's Tutor LMS plugin, which could allow attackers to manipulate SQL queries executed by the application. This flaw affects Tutor LMS versions prior to 2.7.2, potentially enabling unauthorized access to sensitive data within the database. Exploiting this vulnerability could lead to severe security breaches, including data leakage, data corruption, and complete control over the affected system. Organizations using the Tutor LMS plugin should take immediate action to patch this vulnerability to safeguard their databases and user information.

Affected Version(s)

Tutor LMS <= 2.7.2

References

https://patchstack.com/database/vulnerability/tutor/wordp...

vdb-entry

CVSS V3.1

Score:

7.2

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Aug 18, 2024
Vulnerability Reserved
Aug 9, 2024

Credit

justakazh (Patchstack Alliance)