CVE-2021-24242

Опубликовано: 22 апр. 2021

Источник: nvd

CVSS3: 3.8

CVSS2: 5.5

EPSS Низкий

Описание

The Tutor LMS – eLearning and online course solution WordPress plugin before 1.8.8 is affected by a local file inclusion vulnerability through the maliciously constructed sub_page parameter of the plugin's Tools, allowing high privilege users to include any local php file

Ссылки

https://wpscan.com/vulnerability/20f3e63a-31d8-49a0-b4ef-209749feff5c
Exploit
Third Party Advisory
https://wpscan.com/vulnerability/20f3e63a-31d8-49a0-b4ef-209749feff5c
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:themeum:tutor_lms:*:*:*:*:*:wordpress:*:*

Версия до 1.8.8 (исключая)

EPSS

Процентиль: 45%

0.00224

Низкий

3.8 Low

CVSS3

5.5 Medium

CVSS2

Дефекты

CWE-22

Связанные уязвимости

GHSA-p49c-32gv-6cc5

github

больше 3 лет назад

The Tutor LMS â€“ eLearning and online course solution WordPress plugin before 1.8.8 is affected by a local file inclusion vulnerability through the maliciously constructed sub_page parameter of the plugin's Tools, allowing high privilege users to include any local php file