2021-01-14 16:02:20 +00:00
{
2021-04-05 19:00:43 +00:00
"CVE_data_meta" : {
"ID" : "CVE-2021-24185" ,
"ASSIGNER" : "contact@wpscan.com" ,
"STATE" : "PUBLIC" ,
"TITLE" : "Tutor LMS < 1.7.7 - SQL Injection via tutor_place_rating"
} ,
"data_format" : "MITRE" ,
"data_type" : "CVE" ,
"data_version" : "4.0" ,
"generator" : "WPScan CVE Generator" ,
"affects" : {
"vendor" : {
"vendor_data" : [
{
"vendor_name" : "Unknown" ,
"product" : {
"product_data" : [
{
"product_name" : "Tutor LMS \u2013 eLearning and online course solution" ,
"version" : {
"version_data" : [
{
"version_affected" : "<" ,
"version_name" : "1.7.7" ,
"version_value" : "1.7.7"
}
]
}
}
]
2021-04-05 10:51:57 +02:00
}
}
]
}
2021-04-05 19:00:43 +00:00
} ,
"description" : {
"description_data" : [
{
"lang" : "eng" ,
"value" : "The tutor_place_rating AJAX action from the Tutor LMS \u2013 eLearning and online course solution WordPress plugin before 1.7.7 was vulnerable to blind and time based SQL injections that could be exploited by students."
}
2021-01-14 16:02:20 +00:00
]
2021-04-05 19:00:43 +00:00
} ,
"references" : {
"reference_data" : [
{
"refsource" : "MISC" ,
"url" : "https://www.wordfence.com/blog/2021/03/several-vulnerabilities-patched-in-tutor-lms-plugin/" ,
"name" : "https://www.wordfence.com/blog/2021/03/several-vulnerabilities-patched-in-tutor-lms-plugin/"
} ,
{
"refsource" : "CONFIRM" ,
"url" : "https://wpscan.com/vulnerability/0cba5349-e916-43f0-a1fe-62cf73e352a2" ,
"name" : "https://wpscan.com/vulnerability/0cba5349-e916-43f0-a1fe-62cf73e352a2"
}
]
} ,
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"value" : "CWE-89 SQL Injection" ,
"lang" : "eng"
}
]
}
]
} ,
"credit" : [
{
"lang" : "eng" ,
"value" : "Chloe Chamberland"
}
] ,
"source" : {
"discovery" : "UNKNOWN"
2021-01-14 16:02:20 +00:00
}
}
