cbcvebase.
CVE-2024-1512
published 2024-02-17

Priority P182 · critical · 9.8 (CVSS 3.1)
CVSS vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EXPLOIT
EPSS: 77.73% (99.5th percentile)
The MasterStudy LMS WordPress Plugin – for Online Courses and Education plugin for WordPress is vulnerable to union based SQL Injection via the 'user' parameter of the /lms/stm-lms/order/items REST route in all versions up to, and including, 3.2.5 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.

Affected

2 ranges

| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| stylemix | masterstudy_lms_wordpress_plugin_for_online_courses_and_education | <= 3.2.5 | |
| stylemixthemes | masterstudy_lms | <= 3.2.5 | |

Detection & IOCs (extracted from sources)

url: /lms/stm-lms/order/items
sigma
title: CVE-2024-1512 MasterStudy LMS SQLi
detection:
  selection:
    - 'contains_all(body,"items","total","total_price")'
    - 'contains(content_type,"application/json")'
    - 'status_code == 200'
  condition: and
  • Monitor for unauthenticated HTTP requests to the REST endpoint /lms/stm-lms/order/items with a 'user' parameter containing SQL UNION payloads.
  • Flag responses to /lms/stm-lms/order/items that return JSON bodies containing all three keys: 'items', 'total', and 'total_price' with HTTP 200, as this pattern is used to confirm successful SQL injection data exfiltration.
  • No authentication is required to exploit this vulnerability; treat any external source querying this REST route as potentially malicious.
  • All MasterStudy LMS plugin versions up to and including 3.2.5 are vulnerable; ensure detections target sites running these versions.
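
The request-side monitoring described in the bullets above can be run over web-server access logs. The following is an added example, not part of the original entry or of the plugin: it assumes a combined-format access log, uses constructed sample lines, and the function names are illustrative. It also covers WordPress's `?rest_route=` form of REST URLs and repeated URL-encoding of the `user` value.

```python
import re
from urllib.parse import parse_qs, unquote_plus, urlsplit

ROUTE = "/lms/stm-lms/order/items"  # REST route named in the advisory
# Assumption: combined-format access log (client IP, quoted request line, status).
LOG_RE = re.compile(r'^(\S+) [^"]*"[A-Z]+ (\S+) HTTP/[\d.]+" (\d{3})')
# UNION ... SELECT with anything (spaces, SQL comments) in between.
UNION_RE = re.compile(r"\bunion\b.*?\bselect\b", re.I | re.S)

def fully_decode(value, rounds=3):
    """Undo repeated URL-encoding so double-encoded keywords stay visible."""
    for _ in range(rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value

def classify(line):
    """Return (ip, status, verdict) for requests to the route, else None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ip, target, status = m.groups()
    parts = urlsplit(target)
    query = parse_qs(parts.query, keep_blank_values=True)  # decodes once
    # WordPress serves REST routes as /wp-json/<route> and as ?rest_route=<route>.
    route = query["rest_route"][0] if "rest_route" in query else parts.path
    if not fully_decode(route).rstrip("/").endswith(ROUTE):
        return None
    users = [fully_decode(v) for v in query.get("user", [])]
    suspect = any(UNION_RE.search(u) for u in users)
    return ip, int(status), "sqli-suspect" if suspect else "route-hit"

def scan(lines):
    """Classify every line and keep only requests that touched the route."""
    return [hit for hit in map(classify, lines) if hit]

# Constructed sample log lines (documentation IP ranges, not real traffic).
SAMPLE = [
    '203.0.113.7 - - [17/Feb/2024:10:00:00 +0000] "GET /wp-json/lms/stm-lms/order/items?user=1%20UNION%20SELECT%201,2,3 HTTP/1.1" 200 512',
    '203.0.113.7 - - [17/Feb/2024:10:00:05 +0000] "GET /?rest_route=/lms/stm-lms/order/items&user=1%2520union%252F**%252Fselect%25201 HTTP/1.1" 200 400',
    '198.51.100.4 - - [17/Feb/2024:10:01:00 +0000] "GET /wp-json/lms/stm-lms/order/items?user=42 HTTP/1.1" 200 300',
    '198.51.100.4 - - [17/Feb/2024:10:02:00 +0000] "GET /wp-json/wp/v2/posts?search=union+select HTTP/1.1" 200 900',
]

if __name__ == "__main__":
    for hit in scan(SAMPLE):
        print(hit)
```

A `route-hit` verdict is still worth reviewing, since the route requires no authentication; access logs do not record response bodies, so the response-side check on the `items`, `total` and `total_price` keys needs a proxy or WAF that does.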