CVE-2021-24242 — Path Traversal in Tutor LMS Elearning AND Online Course Solution

CWE-22 — Path Traversal3 documents3 sources

Severity

3.8LOWNVD

EPSS

0.2%

top 54.80%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Themeum Tutor LMS Elearning AND Online Course Solution Themeum Tutor LMS

Timeline

PublishedApr 22

Latest updateMay 24

Description

The Tutor LMS – eLearning and online course solution WordPress plugin before 1.8.8 is affected by a local file inclusion vulnerability through the maliciously constructed sub_page parameter of the plugin's Tools, allowing high privilege users to include any local php file

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:NExploitability: 1.2 | Impact: 2.5

Affected Packages2 packages

▶CVEListV5themeum/tutor_lms_elearning_and_online_course_solution1.8.8 — 1.8.8

▶NVDthemeum/tutor_lms< 1.8.8

🔴Vulnerability Details

GHSA

GHSA-p49c-32gv-6cc5: The Tutor LMS â€“ eLearning and online course solution WordPress plugin before 1↗2022-05-24

▶

CVEList

Tutor LMS < 1.8.8 - Authenticated Local File Inclusion↗2021-04-22

▶