CVE-2023-6567

Published: 11/01/2024 Updated: 17/01/2024

CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9

VMScore: 0

The LearnPress plugin for WordPress is vulnerable to time-based SQL Injection via the ‘order_by’ parameter in all versions up to, and including, 4.2.5.7 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated malicious users to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.

Vulnerable Product	Search on Vulmon	Subscribe to Product
thimpress learnpress

Check Point Reference: CPAI-2023-1512 Date Published: 8 Feb 2024 Severity: High ...

Time-based SQLi

CVE-2023-6567-poc Time-based SQLi Description The plugin does not properly sanitise and escape the order_by parameter before using it in a SQL statement, leading to a SQL injection exploitable by unauthenticated users Vulnerable GET request: vulnerablewordpresscom/wp-json/lp/v1/courses/archive-course?c_search=test&order_by=ID&order=DESC&limit=

CWE-89 https://www.wordfence.com/threat-intel/vulnerabilities/id/6ab578cd-3a0b-43d3-aaa7-0a01f431a4e2?source=cve https://plugins.trac.wordpress.org/changeset/3013957/learnpress https://nvd.nist.gov https://github.com/mimiloveexe/CVE-2023-6567-poc https://advisories.checkpoint.com/defense/advisories/public/2024/cpai-2023-1512.html

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Product List Vendor List Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2023-6567

Vulnerability Summary

Vendor Advisories

Github Repositories

References

Vulmon Search

About

Products

Connect