7.5
CVSSv3

CVE-2024-8522

Published: 12/09/2024 Updated: 13/09/2024

Vulnerability Summary

Unauthenticated SQL Injection in LearnPress WordPress LMS Plugin 4.2.7

The LearnPress – WordPress LMS Plugin for WordPress is vulnerable to SQL Injection through the 'c_only_fields' parameter of the /wp-json/learnpress/v1/courses REST API endpoint. This affects all versions up to, and including, 4.2.7. The issue arises because user input is not properly escaped and the existing SQL query is not adequately prepared. This allows unauthenticated attackers to insert additional SQL queries into existing ones, potentially extracting sensitive data from the database.
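
For triage of web server logs on sites that ran an affected version, the following added example (not taken from the plugin or from any of the tools listed on this page) flags requests to the endpoint whose 'c_only_fields' or 'c_fields' value is anything other than a plain list of column names. It assumes a combined-format access log and that legitimate values are comma-separated identifiers; the sample log lines are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Endpoint and parameter names are taken from the advisory text above.
ENDPOINT = "/wp-json/learnpress/v1/courses"
PARAMS = {"c_only_fields", "c_fields"}
# Assumption: a legitimate value is a comma-separated list of column names.
SAFE_VALUE = re.compile(r"[A-Za-z0-9_]+(?:,[A-Za-z0-9_]+)*")
# Request part of a combined-format access log line: "METHOD target HTTP/x.y"
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def suspicious_params(target):
    """Return (name, decoded value) pairs that fail the allowlist check."""
    parts = urlsplit(target)
    if parts.path.rstrip("/") != ENDPOINT:
        return []
    return [(k, v) for k, v in parse_qsl(parts.query)
            if k in PARAMS and not SAFE_VALUE.fullmatch(v)]

def scan(lines):
    """Yield (client address, findings) for each log line worth triaging."""
    for line in lines:
        m = REQUEST.search(line)
        if not m:
            continue
        findings = suspicious_params(m.group(1))
        if findings:
            yield line.split(" ", 1)[0], findings

# Constructed sample log lines (documentation addresses, not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [13/Sep/2024:10:00:01 +0000] "GET /wp-json/learnpress/v1/courses?c_only_fields=ID,post_title HTTP/1.1" 200 512',
    '198.51.100.7 - - [13/Sep/2024:10:00:05 +0000] "GET /wp-json/learnpress/v1/courses?c_only_fields=post_title%2C(SELECT%201) HTTP/1.1" 200 48',
    '198.51.100.7 - - [13/Sep/2024:10:00:09 +0000] "GET /wp-json/learnpress/v1/courses/?c_fields=ID%20%2D%2D%20x HTTP/1.1" 200 48',
    '203.0.113.4 - - [13/Sep/2024:10:00:12 +0000] "GET /wp-json/wp/v2/posts?c_only_fields=(x) HTTP/1.1" 200 900',
]

if __name__ == "__main__":
    for client, findings in scan(SAMPLE_LOG):
        print(client, findings)
```

Sites using plain permalinks receive the same route through the `rest_route` query parameter, which this check does not cover. A hit is a lead for review, not proof of compromise.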

Vulnerable Product

thimpress learnpress

Exploits

WordPress LMS plugin versions 4.2.7 and below suffer from a remote SQL injection vulnerability ...
The LearnPress WordPress LMS Plugin up to version 4.2.7 is vulnerable to SQL injection via the 'c_only_fields' and 'c_fields' parameters. This allows unauthenticated attackers to exploit blind SQL injections and extract sensitive information ...

Metasploit Modules

WordPress LearnPress Unauthenticated SQLi (CVE-2024-8522, CVE-2024-8529)

The LearnPress WordPress LMS Plugin up to version 4.2.7 is vulnerable to SQL injection via the 'c_only_fields' and 'c_fields' parameters. This allows unauthenticated attackers to exploit blind SQL injections and extract sensitive information.

msf > use auxiliary/scanner/http/wp_learnpress_c_fields_sqli
msf auxiliary(wp_learnpress_c_fields_sqli) > show actions
    ...actions...
msf auxiliary(wp_learnpress_c_fields_sqli) > set ACTION < action-name >
msf auxiliary(wp_learnpress_c_fields_sqli) > show options
    ...show and set options...
msf auxiliary(wp_learnpress_c_fields_sqli) > run

Github Repositories

LearnPress – WordPress LMS Plugin <= 4.2.7 - Unauthenticated SQL Injection via 'c_only_fields'

CVE-2024-8522 LearnPress – WordPress LMS Plugin <= 4.2.7 - Unauthenticated SQL Injection via 'c_only_fields'
Stack:
    class-lp-db.php:702, LP_Database->execute()
    class-lp-course-db.php:564, LP_Course_DB->get_courses()
    Courses.php:241, LearnPress\Models\Courses::get_courses()
    class-lp-rest-courses-v1-controller.php:502, LP_Jwt_Courses_V1_Control

Vulnerability assessment, penetration testing, and remediation plan

DEPI_Project: Vulnerability Assessment and Remediation Plan for Purple Amit. This project involved conducting a comprehensive vulnerability assessment and penetration testing for a fictional company, Purple Amit, following a significant data breach. Using tools such as Nmap, Nessus, WPScan, and Nikto, I identified critical vulnerabilities in the company’s web server and Wor

POC Wordpress SQL Injection vulnerability LearnPress REST API endpoint

CVE-2024-8522 - Contact @bl4ckhatx. Tool is available for purchase. POC Wordpress SQL Injection vulnerability LearnPress REST API endpoint. With SQL Injection, a new admin user can be created and the full system of the target website can be accessed. 🚨🚨CVE-2024-8522 (CVSS: 10) : LearnPress - WordPress LMS Plugin Unauthenticated SQL Injectio