CVE-2024-1512
Published 2024-02-17
CVE-2024-1512: The MasterStudy LMS WordPress Plugin – for Online Courses and Education plugin for WordPress is vulnerable to union based SQL Injection via the 'user'…
Priority P182 · critical · 9.8 CVSS 3.1
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EXPLOIT
EPSS: 77.73% (99.5th percentile)
The MasterStudy LMS WordPress Plugin – for Online Courses and Education plugin for WordPress is vulnerable to union based SQL Injection via the 'user' parameter of the /lms/stm-lms/order/items REST route in all versions up to, and including, 3.2.5 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| stylemix | masterstudy_lms_wordpress_plugin_for_online_courses_and_education | <= 3.2.5 | — |
| stylemixthemes | masterstudy_lms | <= 3.2.5 | — |
Detection & IOCs (extracted from sources)
sigma
title: CVE-2024-1512 MasterStudy LMS SQLi
detection:
  selection:
    - 'contains_all(body,"items","total","total_price")'
    - 'contains(content_type,"application/json")'
    - 'status_code == 200'
  condition: and
- Monitor for unauthenticated HTTP requests to the REST endpoint /lms/stm-lms/order/items with a 'user' parameter containing SQL UNION payloads.
- Flag responses to /lms/stm-lms/order/items that return JSON bodies containing all three keys: 'items', 'total', and 'total_price' with HTTP 200, as this pattern is used to confirm successful SQL injection data exfiltration.
- No authentication is required to exploit this vulnerability; treat any external source querying this REST route as potentially malicious.
- All MasterStudy LMS plugin versions up to and including 3.2.5 are vulnerable; ensure detections target sites running these versions.
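The monitoring described in the bullets above, as an added example (not code from the advisory, the Nuclei template, or the plugin): a scanner that flags web-server access-log lines hitting the route and ranks those whose 'user' parameter carries a UNION SELECT. It assumes Combined Log Format and that the route is reached under WordPress's `/wp-json/` prefix or the `rest_route` query parameter; the log lines are constructed, and only query strings are visible to it, not request or response bodies.

```python
import re
from urllib.parse import parse_qs, unquote_plus, urlsplit

ROUTE = "/lms/stm-lms/order/items"  # REST route named in the advisory
UNION = re.compile(r"\bunion\b[\s\S]*?\bselect\b", re.I)
# Combined Log Format (assumed): ip - - [time] "METHOD target PROTO" status ...
LINE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "[A-Z]+ (?P<target>\S+) [^"]*" (?P<status>\d{3})\b')

# Constructed sample lines (documentation IP ranges), not real traffic.
SAMPLE = [
    '203.0.113.7 - - [17/Feb/2024:10:00:01 +0000] "GET /wp-json/lms/stm-lms/order/items?user=1%20UNION%20SELECT%201 HTTP/1.1" 200 512',
    '198.51.100.9 - - [17/Feb/2024:10:00:05 +0000] "GET /?rest_route=%2Flms%2Fstm-lms%2Forder%2Fitems&user=1%2520uNiOn%2F**%2FsElEcT%25201 HTTP/1.1" 403 0',
    '192.0.2.44 - - [17/Feb/2024:10:01:00 +0000] "GET /wp-json/lms/stm-lms/order/items?user=42 HTTP/1.1" 401 90',
    '192.0.2.44 - - [17/Feb/2024:10:01:02 +0000] "GET /wp-json/wp/v2/posts HTTP/1.1" 200 2048',
]

def decode(value, rounds=3):
    """Peel nested percent-encoding so double-encoded keywords become visible."""
    for _ in range(rounds):
        peeled = unquote_plus(value)
        if peeled == value:
            break
        value = peeled
    return value

def inspect(line):
    """Return a finding dict for a request to ROUTE, or None for anything else."""
    m = LINE.match(line)
    if not m:
        return None
    parts = urlsplit(m["target"])
    query = parse_qs(parts.query, keep_blank_values=True)
    routes = [decode(parts.path)] + [decode(r) for r in query.get("rest_route", [])]
    if not any(ROUTE in r for r in routes):
        return None
    users = [decode(u) for u in query.get("user", [])]
    hit = next((u for u in users if UNION.search(u)), None)
    if hit is None:
        verdict = "route-hit"        # any external query of the route is worth review
    elif m["status"] == "200":
        verdict = "union-200"        # served successfully: check the response body keys
    else:
        verdict = "union-attempt"    # blocked or failed, still an indicator
    return {"ip": m["ip"], "status": int(m["status"]), "verdict": verdict, "user": hit}

def scan(lines):
    return [f for f in map(inspect, lines) if f]

if __name__ == "__main__":
    for finding in scan(SAMPLE):
        print(finding)
```

A `union-200` finding is the one to correlate with response logging for the 'items', 'total' and 'total_price' keys, since an access log alone cannot show the body.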
No detection rules found.
Nuclei
MasterStudy LMS WordPress Plugin <= 3.2.5 - SQL Injection
nuclei·CVSS 9.8
CVE-2024-1512 [CRITICAL] MasterStudy LMS WordPress Plugin <= 3.2.5 - SQL Injection
MasterStudy LMS WordPress Plugin =6"
- 'contains_all(body,"items","total","total_price")'
- 'contains(content_type,"application/json")'
- "status_code == 200"
condition: and
# digest: 4b0a004830460221008b7d10b439599288a64d92b3c234e9534e8f19342836bf9a490fa3928490dfcc0221009ca311c8ac9246404d70e582a7c337bbf62255f8d818ee340d1ea0d1bd4af228:922c64590222798bb761d5b6d8e72950
Nuclei
TOTOLINK CX-A3002RU - Remote Code Execution
nuclei·CVSS 6.8
CVE-2024-51228 [MEDIUM] TOTOLINK CX-A3002RU - Remote Code Execution
TOTOLINK CX-A3002RU - Remote Code Execution
An issue in TOTOLINK-CX-A3002RU V1.0.4-B20171106.1512 and TOTOLINK-CX-N150RT V2.1.6-B20171121.1002 and TOTOLINK-CX-N300RT V2.1.6-B20170724.1420 and TOTOLINK-CX-N300RT V2.1.8-B20171113.1408 and TOTOLINK-CX-N300RT V2.1.8-B20191010.1107 and TOTOLINK-CX-N302RE V2.0.2-B20170511.1523 allows a remote attacker to execute arbitrary code via the /boafrm/formSysCmd component.
Template:
id: CVE-2024-51228
info:
name: TOTOLINK CX-A3002RU - Remote Code Execution
author: DhiyaneshDK
severity: medium
description: |
An issue in TOTOLINK-CX-A3002RU V1.0.4-B20171106.1512 and TOTOLINK-CX-N150RT V2.1.6-B20171121.1002 and TOTOLINK-CX-N300RT V2.1.6-B20170724.1420 and TOTOLINK-CX-N300RT V2.1.8-B20171113.1408 and TOTOLINK-CX-N300RT V2.1.8-B20191010.1107 and TOTOLINK-
https://plugins.trac.wordpress.org/changeset/3036794/masterstudy-lms-learning-management-system/trunk/_core/lms/classes/models/StmStatistics.php
https://www.wordfence.com/threat-intel/vulnerabilities/id/d6b6d824-51d3-4da9-a39a-b957368df4dc?source=cve
2024-02-17
Published