CVE-2024-4902
Published: 2024-06-07
Priority: P3 · 40
Severity: high
CVSS 3.1 base score: 7.2
CVSS 3.1 vector: AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
EPSS: 0.50% (38.7th percentile)
The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to time-based SQL Injection via the ‘course_id’ parameter in all versions up to, and including, 2.7.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with admin access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. CVE-2024-37256 is likely a duplicate of this issue.
Affected (1 range)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| themeum | tutor_lms | < 2.7.2 | 2.7.2 |
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2024-36020 kernel: i40e: fix vf may be used uninitialized in this function warning
bugzilla · 2024-06-03 · CVSS 5.5 · MEDIUM
In the Linux kernel, the following vulnerability has been resolved:
i40e: fix vf may be used uninitialized in this function warning
The Linux kernel CVE team has assigned CVE-2024-36020 to this issue.
Upstream advisory:
https://lore.kernel.org/linux-cve-announce/2024053044-CVE-2024-36020-5da7@gregkh/T
Discussion:
Created kernel tracking bugs for this issue:
Affects: fedora-all [bug 2284401]
---
This issue has been addressed in the following products:
Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support
Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions
Red Hat Enterprise Linux 8.6 Telecommunications Update Service
Via RHSA-2024:4902 https://access.redhat.com/errata
Bugzilla
CVE-2024-26733 kernel: arp: Prevent overflow in arp_req_get().
bugzilla · 2024-04-04 · CVSS 5.5 · MEDIUM
In the Linux kernel, the following vulnerability has been resolved:
arp: Prevent overflow in arp_req_get().
The Linux kernel CVE team has assigned CVE-2024-26733 to this issue.
Upstream advisory:
https://lore.kernel.org/linux-cve-announce/2024040358-CVE-2024-26733-617f@gregkh/T
Discussion:
Created kernel tracking bugs for this issue:
Affects: fedora-all [bug 2273248]
---
This issue has been addressed in the following products:
Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support
Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions
Red Hat Enterprise Linux 8.6 Telecommunications Update Service
Via RHSA-2024:4902 https://access.redhat.com/errata/RHSA-2024:4902
References
https://plugins.trac.wordpress.org/browser/tutor/tags/2.7.0/classes/Utils.php#L1936
https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3098465%40tutor%2Ftrunk&old=3086489%40tutor%2Ftrunk&sfp_email=&sfph_mail=#file8
https://www.wordfence.com/threat-intel/vulnerabilities/id/f00e8169-3b8f-44a0-9af2-e81777a913f8?source=cve