Unauthenticated SQL Injection Vulnerability in LearnPress LMS Plugin
CVE-2024-8522

7.5HIGH

Key Information:

Vendor: Wordpress
Status: Learnpress – WordPress Lms Plugin
Vendor: CVE Published:; 12 September 2024

Badges

👾 Exploit Exists🟡 Public PoC

Summary

The LearnPress plugin for WordPress, designed for Learning Management Systems (LMS), is susceptible to SQL injection attacks through the 'c_only_fields' parameter in the /wp-json/learnpress/v1/courses REST API endpoint. This vulnerability arises from inadequate escaping of user-supplied parameters, combined with insufficient preparation in the SQL query. As a result, unauthenticated attackers can append malicious SQL queries to existing ones, potentially compromising database security and allowing unauthorized access to sensitive information.

Affected Version(s)

LearnPress – WordPress LMS Plugin * <= 4.2.7

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2024-8522
Created by Avento

References

https://www.wordfence.com/threat-intel/vulnerabilities/id...

https://plugins.trac.wordpress.org/browser/learnpress/tru...

https://plugins.trac.wordpress.org/changeset/3148560/lear...

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

🟡
Public PoC available
Sep 19, 2024
👾
Exploit known to exist
Sep 19, 2024
Vulnerability published
Sep 12, 2024
Vulnerability Reserved
Sep 6, 2024

Credit

abrahack