CVE-2021-24183 - OpenCVE

The tutor_quiz_builder_get_question_form AJAX action from the Tutor LMS – eLearning and online course solution WordPress plugin before 1.8.3 was vulnerable to UNION based SQL injection that could be exploited by students.

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

AV:N/AC:L/Au:S/C:P/I:N/A:N

Vendors & Products
CPE Configurations

Vendors	Products
Themeum	Tutor Lms

Configuration 1 [-]

cpe:2.3:a:themeum:tutor_lms:*:*:*:*:*:wordpress:*:*

References

Link	Resource
https://wpscan.com/vulnerability/9b8da6b7-f1d6-4a7d-a621-4ca01e4b7496	Exploit Third Party Advisory
https://www.wordfence.com/blog/2021/03/several-vulnerabilities-patched-in-tutor-lms-plugin/	Exploit Third Party Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: WPScan

Published: 2021-04-05T18:27:45

Updated: 2021-04-05T18:27:45

Reserved: 2021-01-14T00:00:00

Link: CVE-2021-24183

JSON object: View

NVD Information

Status : Analyzed

Published: 2021-04-05T19:15:16.513

Modified: 2021-04-09T16:18:47.600

Link: CVE-2021-24183

JSON object: View

Redhat Information

No data.

CWE

CWE-89

{"containers": {"cna": {"affected": [{"product": "Tutor LMS \u2013 eLearning and online course solution", "vendor": "Unknown", "versions": [{"lessThan": "1.8.3", "status": "affected", "version": "1.8.3", "versionType": "custom"}]}], "credits": [{"lang": "en", "value": "Chloe Chamberland"}], "descriptions": [{"lang": "en", "value": "The tutor_quiz_builder_get_question_form AJAX action from the Tutor LMS \u2013 eLearning and online course solution WordPress plugin before 1.8.3 was vulnerable to UNION based SQL injection that could be exploited by students."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-89", "description": "CWE-89 SQL Injection", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2021-04-05T18:27:45", "orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81", "shortName": "WPScan"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://www.wordfence.com/blog/2021/03/several-vulnerabilities-patched-in-tutor-lms-plugin/"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://wpscan.com/vulnerability/9b8da6b7-f1d6-4a7d-a621-4ca01e4b7496"}], "source": {"discovery": "UNKNOWN"}, "title": "Tutor LMS < 1.8.3 - SQL Injection via tutor_quiz_builder_get_question_form", "x_generator": "WPScan CVE Generator", "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "contact@wpscan.com", "ID": "CVE-2021-24183", "STATE": "PUBLIC", "TITLE": "Tutor LMS < 1.8.3 - SQL Injection via tutor_quiz_builder_get_question_form"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Tutor LMS \u2013 eLearning and online course solution", "version": {"version_data": [{"version_affected": "<", "version_name": "1.8.3", "version_value": "1.8.3"}]}}]}, "vendor_name": "Unknown"}]}}, "credit": [{"lang": "eng", "value": "Chloe Chamberland"}], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The tutor_quiz_builder_get_question_form AJAX action from the Tutor LMS \u2013 eLearning and online course solution WordPress plugin before 1.8.3 was vulnerable to UNION based SQL injection that could be exploited by students."}]}, "generator": "WPScan CVE Generator", "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-89 SQL Injection"}]}]}, "references": {"reference_data": [{"name": "https://www.wordfence.com/blog/2021/03/several-vulnerabilities-patched-in-tutor-lms-plugin/", "refsource": "MISC", "url": "https://www.wordfence.com/blog/2021/03/several-vulnerabilities-patched-in-tutor-lms-plugin/"}, {"name": "https://wpscan.com/vulnerability/9b8da6b7-f1d6-4a7d-a621-4ca01e4b7496", "refsource": "CONFIRM", "url": "https://wpscan.com/vulnerability/9b8da6b7-f1d6-4a7d-a621-4ca01e4b7496"}]}, "source": {"discovery": "UNKNOWN"}}}}, "cveMetadata": {"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81", "assignerShortName": "WPScan", "cveId": "CVE-2021-24183", "datePublished": "2021-04-05T18:27:45", "dateReserved": "2021-01-14T00:00:00", "dateUpdated": "2021-04-05T18:27:45", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:themeum:tutor_lms:*:*:*:*:*:wordpress:*:*", "matchCriteriaId": "A143001B-60BE-4636-86C9-87B686F8ED3B", "versionEndExcluding": "1.8.3", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "The tutor_quiz_builder_get_question_form AJAX action from the Tutor LMS \u2013 eLearning and online course solution WordPress plugin before 1.8.3 was vulnerable to UNION based SQL injection that could be exploited by students."}, {"lang": "es", "value": "La acci\u00f3n tutor_quiz_builder_get_question_form AJAX del plugin de WordPress Tutor LMS \u2013 eLearning and online course solution versiones anteriores a 1.8.3, era vulnerable a una inyecci\u00f3n SQL basada en UNION que pod\u00eda ser explotada por estudiantes"}], "id": "CVE-2021-24183", "lastModified": "2021-04-09T16:18:47.600", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2021-04-05T19:15:16.513", "references": [{"source": "contact@wpscan.com", "tags": ["Exploit", "Third Party Advisory"], "url": "https://wpscan.com/vulnerability/9b8da6b7-f1d6-4a7d-a621-4ca01e4b7496"}, {"source": "contact@wpscan.com", "tags": ["Exploit", "Third Party Advisory"], "url": "https://www.wordfence.com/blog/2021/03/several-vulnerabilities-patched-in-tutor-lms-plugin/"}], "sourceIdentifier": "contact@wpscan.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-89"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-89"}], "source": "contact@wpscan.com", "type": "Secondary"}]}