CVE-2024-1209
Published 2024-02-05
CVE-2024-1209: The LearnDash LMS plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.10.1 via direct file access due…
Priority P3 · 38 · medium · CVSS 3.1: 5.3
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
EXPLOIT
EPSS: 2.42% (82.1th percentile)
The LearnDash LMS plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.10.1 via direct file access due to insufficient protection of uploaded assignments. This makes it possible for unauthenticated attackers to obtain those uploads.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| learndash | learndash | < 4.10.3 | 4.10.3 |
| stellarwp | learndash_lms | <= 4.10.1 | — |
Suricata
Note: the four Suricata rules listed here reference CVE-2000-1209 (failed `sa` logins returned by `$SQL_SERVERS`), not CVE-2024-1209.
GPL SQL sa brute force failed login unicode attempt
suricata·2010-09-23 · CVE-2000-1209
Rule: alert tcp $SQL_SERVERS 1433 -> $EXTERNAL_NET any (msg:"GPL SQL sa brute force failed login unicode attempt"; flow:established,to_client; content:"L|00|o|00|g|00|i|00|n|00| |00|f|00|a|00|i|00|l|00|e|00|d|00| |00|f|00|o|00|r|00| |00|u|00|s|00|e|00|r|00| |00|'|00|s|00|a|00|'|00|"; threshold:type threshold, track by_src, count 5, seconds 2; reference:bugtraq,4797; reference:cve,2000-1209; reference:nessus,10673; classtype:unsuccessful-user; sid:2103273; rev:5; metadata:created_at 2010_09_23, cve CVE_2000_1209, signature_severity Informational, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2024_03_08;)
Suricata
GPL SQL sa brute force failed login attempt
suricata·2010-09-23 · CVE-2000-1209
Rule: alert tcp $SQL_SERVERS 1433 -> $EXTERNAL_NET any (msg:"GPL SQL sa brute force failed login attempt"; flow:established,to_client; content:"Login failed for user 'sa'"; threshold:type threshold, track by_src, count 5, seconds 2; reference:bugtraq,4797; reference:cve,2000-1209; reference:nessus,10673; classtype:unsuccessful-user; sid:2103152; rev:5; metadata:created_at 2010_09_23, cve CVE_2000_1209, signature_severity Informational, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2024_03_08;)
Suricata
GPL SQL sa login failed
suricata·2010-09-23 · CVE-2000-1209
Rule: alert tcp $SQL_SERVERS 139 -> $EXTERNAL_NET any (msg:"GPL SQL sa login failed"; flow:established,to_client; content:"Login failed for user 'sa'"; offset:83; reference:bugtraq,4797; reference:cve,2000-1209; classtype:attempted-user; sid:2100680; rev:11; metadata:created_at 2010_09_23, cve CVE_2000_1209, signature_severity Informational, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2024_03_08;)
Suricata
GPL SQL sa login failed
suricata·2010-09-23 · CVE-2000-1209
Rule: alert tcp $SQL_SERVERS 1433 -> $EXTERNAL_NET any (msg:"GPL SQL sa login failed"; flow:established,to_client; content:"Login failed for user 'sa'"; reference:bugtraq,4797; reference:cve,2000-1209; reference:nessus,10673; classtype:unsuccessful-user; sid:2100688; rev:12; metadata:created_at 2010_09_23, cve CVE_2000_1209, signature_severity Informational, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2024_03_08;)
Nuclei
CVE-2024-1209 [MEDIUM] LearnDash LMS < 4.10.2 - Sensitive Information Exposure via assignments
nuclei·CVSS 5.3
Template:
id: CVE-2024-1209
info:
  name: LearnDash LMS < 4.10.2 - Sensitive Information Exposure via assignments
  author: ritikchaddha
  severity: medium
  description: |
    The LearnDash LMS plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.10.1 via direct file access due to insufficient protection of uploaded assignments. This makes it possible for unauthenticated attackers to obt
No writeups or analysis indexed.
- https://github.com/karlemilnikka/CVE-2024-1209
- https://www.learndash.com/release-notes/
- https://www.wordfence.com/threat-intel/vulnerabilities/id/7191955e-0db1-4ad1-878b-74f90ca59c91?source=cve

Published: 2024-02-05