CVE-2023-4974 Scanner

CVE-2023-4974 scanner - SQL Injection (SQLi) vulnerability in Academy LMS 6.2

Short Info

Level: Critical
Single Scan: Single Scan
Can be used by: Asset Owner
Estimated Time: 10 seconds
Time Interval: 1 month 2 days
Scan only one: Domain, IPv4, Subdomain
Toolbox: -

Academy LMS is a Learning Management System designed for educators, tutors, and trainers who want to create and deploy online courses, quizzes and surveys for educational, commercial or corporate purposes. It is a web-based application designed to be easy to use. It supports content creation, assessment, and tracking of learner progress. The software is used by many businesses and educational institutions worldwide.

One critical vulnerability discovered in Academy LMS is CVE-2023-4974. The issue is located in an unknown functionality of the file "academy/tutor/filter" of the GET Parameter Handler component. Manipulating the "price_min/price_max" parameter leads to SQL injection, and the attack can be launched remotely. Despite early notice, the vendor has not yet responded to the report.
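For asset owners reviewing their own web server logs, the following added example (not part of the original page or of Academy LMS) flags requests to the filter endpoint described above whose price_min or price_max value is not a plain number. It assumes combined-format access logs and that a legitimate price bound is a non-negative decimal; the log lines are constructed samples.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Path and parameter names come from the advisory text above.
FILTER_PATH = "academy/tutor/filter"
PRICE_PARAMS = ("price_min", "price_max")
# Assumption: a legitimate price bound is a plain non-negative number.
NUMERIC = re.compile(r"\d{1,9}(\.\d{1,2})?")
# Request line inside a combined-format access log entry.
REQUEST = re.compile(r'"(?:GET|HEAD) (\S+) HTTP/[\d.]+"')


def suspicious_params(url):
    """Return (name, value) pairs on the filter endpoint that are not numeric."""
    parts = urlsplit(url)
    if FILTER_PATH not in parts.path:
        return []
    # parse_qsl URL-decodes values, so encoded quotes are seen as quotes.
    pairs = parse_qsl(parts.query, keep_blank_values=True)
    # An empty value is treated as "filter not set" and is not flagged.
    return [(k, v) for k, v in pairs
            if k in PRICE_PARAMS and v != "" and not NUMERIC.fullmatch(v)]


def scan_log(lines):
    """Return (client_ip, name, value) for every flagged request in the log."""
    hits = []
    for line in lines:
        m = REQUEST.search(line)
        if not m:
            continue
        ip = line.split(" ", 1)[0]
        for name, value in suspicious_params(m.group(1)):
            hits.append((ip, name, value))
    return hits


# Constructed sample log lines (documentation IP ranges, not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Oct/2023:10:00:00 +0000] "GET /academy/tutor/filter?price_min=10&price_max=250 HTTP/1.1" 200 5120',
    '198.51.100.7 - - [01/Oct/2023:10:00:05 +0000] "GET /academy/tutor/filter?price_min=1%27&price_max=250 HTTP/1.1" 500 312',
    '198.51.100.7 - - [01/Oct/2023:10:00:09 +0000] "GET /academy/tutor/filter?price_min=0&price_max=abc HTTP/1.1" 200 4980',
    '203.0.113.4 - - [01/Oct/2023:10:01:00 +0000] "GET /academy/home/courses?price_min=x HTTP/1.1" 200 900',
]

if __name__ == "__main__":
    for ip, name, value in scan_log(SAMPLE_LOG):
        print(f"{ip} sent non-numeric {name}={value!r}")
```

The same numeric-only rule can be enforced at a reverse proxy or WAF in front of the application while no vendor fix is available.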

This vulnerability can have serious consequences when exploited. An attacker who injects malicious SQL into the LMS's database queries can extract sensitive data such as students' personal information, tutors' login credentials, and other confidential data sets. The stolen information may then be used for fraudulent activities such as identity theft. Moreover, the attacker may hold the stolen data for ransom, or use the platform to launch further attacks on other systems.

To conclude, as a reader of this article, you can benefit from the pro features offered on the S4E.com platform. This platform provides you with the necessary insights to ensure the security of digital assets. It is essential to invest in these features for your organization's safety and reputation. Take note: protect yourself from vulnerabilities before it's too late.

 
