CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 2CVE-2021-24183 – Tutor LMS < 1.8.3 - SQL Injection via tutor_quiz_builder_get_question_form
https://notcve.org/view.php?id=CVE-2021-24183
The tutor_quiz_builder_get_question_form AJAX action from the Tutor LMS – eLearning and online course solution WordPress plugin before 1.8.3 was vulnerable to UNION based SQL injection that could be exploited by students. La acción tutor_quiz_builder_get_question_form AJAX del plugin de WordPress Tutor LMS – eLearning and online course solution versiones anteriores a 1.8.3, era vulnerable a una inyección SQL basada en UNION que podía ser explotada por estudiantes • https://wpscan.com/vulnerability/9b8da6b7-f1d6-4a7d-a621-4ca01e4b7496 https://www.wordfence.com/blog/2021/03/several-vulnerabilities-patched-in-tutor-lms-plugin • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 2CVE-2021-24182 – Tutor LMS < 1.8.3 - SQL Injection via tutor_quiz_builder_get_answers_by_question
https://notcve.org/view.php?id=CVE-2021-24182
The tutor_quiz_builder_get_answers_by_question AJAX action from the Tutor LMS – eLearning and online course solution WordPress plugin before 1.8.3 was vulnerable to UNION based SQL injection that could be exploited by students. La acción AJAX tutor_quiz_builder_get_answers_by_question del plugin de WordPress Tutor LMS – eLearning and online course solution versiones anteriores a 1.8.3, era vulnerable a una inyección SQL basada en UNION que podía ser explotada por estudiantes • https://wpscan.com/vulnerability/f74dfc52-46ba-41e3-994b-23115a22984f https://www.wordfence.com/blog/2021/03/several-vulnerabilities-patched-in-tutor-lms-plugin • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 2CVE-2021-24181 – Tutor LMS < 1.7.7 - SQL Injection via tutor_mark_answer_as_correct
https://notcve.org/view.php?id=CVE-2021-24181
The tutor_mark_answer_as_correct AJAX action from the Tutor LMS – eLearning and online course solution WordPress plugin before 1.7.7 was vulnerable to blind and time based SQL injections that could be exploited by students. La acción AJAX tutor_mark_answer_as_correct del plugin de WordPress Tutor LMS â€" eLearning and online course solution versión anteriores a 1.7.7, era vulnerable a inyecciones SQL ciegas y basadas en tiempo que podrían ser explotadas por estudiantes • https://wpscan.com/vulnerability/d5a00322-7098-4f8d-8e5e-157b63449c17 https://www.wordfence.com/blog/2021/03/several-vulnerabilities-patched-in-tutor-lms-plugin • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 2CVE-2021-24185 – Tutor LMS < 1.7.7 - SQL Injection via tutor_place_rating
https://notcve.org/view.php?id=CVE-2021-24185
The tutor_place_rating AJAX action from the Tutor LMS – eLearning and online course solution WordPress plugin before 1.7.7 was vulnerable to blind and time based SQL injections that could be exploited by students. La acción tutor_place_rating AJAX del plugin de WordPress Tutor LMS - eLearning and online course solution versiones anteriores a 1.7.7 era vulnerable a inyecciones SQL ciegas y basadas en tiempo que podían ser explotadas por los estudiantes • https://wpscan.com/vulnerability/0cba5349-e916-43f0-a1fe-62cf73e352a2 https://www.wordfence.com/blog/2021/03/several-vulnerabilities-patched-in-tutor-lms-plugin • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 2CVE-2021-24186 – Tutor LMS < 1.8.3 - SQL Injection via tutor_answering_quiz_question/get_answer_by_id
https://notcve.org/view.php?id=CVE-2021-24186
The tutor_answering_quiz_question/get_answer_by_id function pair from the Tutor LMS – eLearning and online course solution WordPress plugin before 1.8.3 was vulnerable to UNION based SQL injection that could be exploited by students. El par de funciones tutor_answering_quiz_question y get_answer_by_id del plugin Tutor LMS - eLearning and online course solution WordPress versiones anteriores a 1.8.3, era vulnerable a una inyección SQL basada en UNION que podría ser explotada por los estudiantes • https://wpscan.com/vulnerability/5f5c0c6c-6f76-4366-b590-0aab557f8c60 https://www.wordfence.com/blog/2021/03/several-vulnerabilities-patched-in-tutor-lms-plugin • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •