CVE-2024-1512 is a critical vulnerability in the MasterStudy LMS WordPress Plugin, specifically in the implementation of the /lms/stm-lms/order/items REST route. The plugin fails to properly escape the ‘user’ parameter and does not adequately prepare the SQL query that uses it. As a result, attackers can inject malicious SQL code into the query by manipulating the ‘user’ parameter. This enables a union-based SQL Injection attack, in which an attacker appends additional SQL commands to the original query to interact with the database without authorization. These interactions could include data extraction, data deletion, or data manipulation, posing a significant risk to the confidentiality, integrity, and availability of the data. Exploitation does not require authentication, which makes the vulnerability particularly dangerous: any remote attacker who can send HTTP requests to the affected site can attempt it.
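For defenders reviewing web server logs, the following added example (not code from the plugin or its vendor) flags requests to the route above whose ‘user’ value is not a plain integer. It assumes a combined-format access log and that a legitimate ‘user’ value is a numeric user ID; the sample log lines are constructed.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

ROUTE = "/lms/stm-lms/order/items"  # REST route named in the text above
PARAM = "user"                      # parameter named in the text above

# Assumed log format: Apache/nginx "combined" access log.
REQUEST_RE = re.compile(r'^(?P<ip>\S+) .*?"[A-Z]+ (?P<target>\S+) HTTP/[\d.]+"')


def decode_fully(value, rounds=3):
    """Undo nested URL-encoding so double-encoded input cannot hide."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def flag_line(line):
    """Return (ip, value) pairs for non-integer 'user' values sent to ROUTE."""
    m = REQUEST_RE.match(line)
    if not m:
        return []
    parts = urlsplit(m.group("target"))
    query = parse_qs(parts.query)  # decodes one layer of URL-encoding
    # The route appears in the path (/wp-json/...) or in ?rest_route=...
    routed = [parts.path] + query.get("rest_route", [])
    if not any(ROUTE in decode_fully(r) for r in routed):
        return []
    values = [decode_fully(v) for v in query.get(PARAM, [])]
    # Assumption: a legitimate value is a numeric user ID.
    return [(m.group("ip"), v) for v in values if not re.fullmatch(r"\d+", v)]


def scan(lines):
    """Collect every flagged (ip, value) pair across the given log lines."""
    return [hit for line in lines for hit in flag_line(line)]


# Constructed sample log lines (documentation IP ranges, not real traffic).
SAMPLE_LOG = [
    '203.0.113.5 - - [12/Feb/2024:10:00:01 +0000] "GET /wp-json/lms/stm-lms/order/items?user=42 HTTP/1.1" 200 512',
    '198.51.100.23 - - [12/Feb/2024:10:00:07 +0000] "GET /wp-json/lms/stm-lms/order/items?user=1%2520UNION%2520SELECT%2520NULL HTTP/1.1" 200 90',
    '203.0.113.9 - - [12/Feb/2024:10:00:09 +0000] "GET /wp-json/wp/v2/posts?user=abc HTTP/1.1" 200 731',
    '192.0.2.77 - - [12/Feb/2024:10:00:15 +0000] "GET /?rest_route=/lms/stm-lms/order/items&user=7%29 HTTP/1.1" 200 88',
]

if __name__ == "__main__":
    for ip, value in scan(SAMPLE_LOG):
        print(f"{ip}\tsuspicious user={value!r}")
```

Access logs record only the query string, so a ‘user’ value sent in a request body will not appear here and needs WAF or application-level logging to be seen.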