CVE-2024-43282SQL Injection in Tutor LMS

CWE-89SQL Injection3 documents3 sources
Severity
7.2HIGHNVD
CNA7.6
EPSS
0.4%
top 40.48%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Themeum Tutor LMS
Timeline
PublishedAug 18
Latest updateAug 19

Description

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Themeum Tutor LMS.This issue affects Tutor LMS: from n/a through 2.7.2.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:HExploitability: 1.2 | Impact: 5.9

Affected Packages2 packages

NVDthemeum/tutor_lms< 2.7.3
CVEListV5themeum/tutor_lmsn/a2.7.2

🔴Vulnerability Details

2
GHSA
GHSA-vr9m-v4wh-hr6m: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Themeum Tutor LMS2024-08-19
CVEList
WordPress Tutor LMS plugin <= 2.7.2 - SQL Injection vulnerability2024-08-18
CVE-2024-43282 — SQL Injection in Themeum Tutor LMS | cvebase