MasterStudy LMS WordPress Plugin SQLi CVE-2024-1512 Exploit

Python, by Prapattimynk

CVE-2024-1512 exposes a critical vulnerability in the MasterStudy LMS WordPress Plugin, specifically within the implementation of the /lms/stm-lms/order/items REST route. The issue arises from the plugin’s failure to properly escape the ‘user’ parameter, combined with an inadequate preparation of SQL queries. As a result, attackers can inject malicious SQL code into the query by manipulating the ‘user’ parameter. This vulnerability facilitates a union-based SQL Injection attack, whereby an attacker appends additional SQL commands to the original query, enabling unauthorized database interactions. These interactions could include data extraction, data deletion, or data manipulation, posing a significant risk to the confidentiality, integrity, and availability of the data. The exploitation of this vulnerability does not require authentication, making it particularly dangerous as it can be attempted by any remote attacker who can send HTTP requests to the affected site.
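
For defenders reviewing web server logs, the following added example (not part of the published exploit or of the plugin's code) flags requests to the route described above whose 'user' query parameter is not a plain integer. It assumes combined-format access logs and that a legitimate 'user' value is a numeric ID; the function name, the sample log lines and the standard WordPress /wp-json/ and ?rest_route= prefixes are not taken from this page.

```python
import re
from urllib.parse import urlsplit, parse_qs

ROUTE = "/lms/stm-lms/order/items"  # REST route named in the description above
# Client IP, request target and status from a combined-format access log line.
REQ_RE = re.compile(r'^(\S+) .*?"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+" (\d{3})')
NUMERIC = re.compile(r"[0-9]+")  # assumption: a legitimate 'user' is a numeric ID

def suspicious_user_values(log_lines):
    """Return (client_ip, status, decoded_value) for each request to ROUTE
    whose query-string 'user' parameter is not a plain integer."""
    hits = []
    for line in log_lines:
        m = REQ_RE.match(line)
        if not m:
            continue  # not a request line this parser understands
        ip, target, status = m.groups()
        url = urlsplit(target)
        query = parse_qs(url.query)  # percent-decodes each value once
        # WordPress serves REST routes under /wp-json/ and via ?rest_route=
        route = query.get("rest_route", [url.path])[0]
        if not route.rstrip("/").endswith(ROUTE):
            continue
        for value in query.get("user", []):
            if not NUMERIC.fullmatch(value):
                hits.append((ip, int(status), value))
    return hits

# Constructed sample log lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = [
    '203.0.113.7 - - [01/Mar/2024:10:00:01 +0000] "GET /wp-json/lms/stm-lms/order/items?user=12 HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '198.51.100.9 - - [01/Mar/2024:10:00:05 +0000] "GET /wp-json/lms/stm-lms/order/items?user=1%20UNION%20SELECT%20NULL HTTP/1.1" 200 2048 "-" "python-requests/2.31"',
    '198.51.100.9 - - [01/Mar/2024:10:00:09 +0000] "GET /?rest_route=/lms/stm-lms/order/items&user=1%27 HTTP/1.1" 500 0 "-" "curl/8.4"',
    '203.0.113.7 - - [01/Mar/2024:10:00:12 +0000] "GET /wp-json/wp/v2/posts?user=abc HTTP/1.1" 200 100 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for ip, status, value in suspicious_user_values(SAMPLE_LOG):
        print(f"{ip} status={status} user={value!r}")
```

Access logs record only the query string, so a 'user' value sent in a request body needs application-level or WAF logging to be seen.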
