CVE-2024-1751 Scanner

CVE-2024-1751 Scanner - SQL Injection vulnerability in Tutor LMS

Short Info

Level: High
Single Scan
Can be used by: Asset Owner
Estimated Time: 1 minute
Time Interval: 9 days 19 hours
Scan only one: Domain, Subdomain, IPv4

Tutor LMS is a widely-used eLearning and online course solution plugin for WordPress, frequently employed by educational institutions and content creators to offer online courses. It supports the creation and management of courses, quizzes, and learning materials, providing users with a comprehensive educational platform. The plugin is popular due to its user-friendly interface and powerful customization features. Entities including educational institutions, training centers, and individual instructors utilize Tutor LMS to facilitate online learning experiences. Its usage spans across various educational domains, making it integral to digital learning systems. By providing a robust platform for eLearning, Tutor LMS enhances the reach and effectiveness of online education.

SQL Injection is a critical web security vulnerability that allows attackers to interfere with queries that an application makes to its database. It typically allows an attacker to view data that they are not normally able to retrieve, like other users' data, or otherwise unauthorized parts of the database. In the context of Tutor LMS, this vulnerability is present due to improper escaping of SQL queries, particularly involving the 'question_id' parameter. It can be exploited by users with subscriber or higher privileges, allowing them to access sensitive information. This type of vulnerability can lead to severe data exposure and potential breaches within the application. Addressing SQL Injection vulnerabilities is crucial to maintaining the confidentiality, integrity, and availability of database systems.

The SQL injection vulnerability in Tutor LMS is caused by inadequate input sanitization of the 'question_id' parameter, whose value is included in SQL queries. Attackers with appropriate privileges can exploit this by inserting malicious SQL commands into the parameter, enabling unauthorized retrieval of data from the database. The injection is time-based, so it can be detected through abnormal query execution times. It primarily affects the administrative AJAX operations, which are essential for managing course content. Due to the nature of the WordPress CMS and its plugins, such vulnerabilities can have far-reaching impacts if not addressed promptly. Because exploitation requires authentication, attackers need prior access to a user account with specific privileges.
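
The two signals described above (a 'question_id' value that is not a plain integer, and abnormally slow admin AJAX responses) can be checked in request logs. The following Python code is an added example, not part of the original page or of Tutor LMS. The JSON log format, field names and thresholds are assumptions, and the sample records are constructed.

```python
import json
import re
from statistics import median
# Constructed sample records (not real traffic). Assumed format: one JSON object
# per request, from a proxy/WAF that logs parsed POST parameters and latency.
SAMPLE_LOG = """\
{"user": "alice", "path": "/wp-admin/admin-ajax.php", "params": {"question_id": "17"}, "secs": 0.21}
{"user": "bob", "path": "/wp-admin/admin-ajax.php", "params": {"question_id": "42"}, "secs": 0.18}
{"user": "carol", "path": "/wp-admin/admin-ajax.php", "params": {"question_id": "8"}, "secs": 0.25}
{"user": "mallory", "path": "/wp-admin/admin-ajax.php", "params": {"question_id": "17 <non-numeric suffix>"}, "secs": 5.23}
{"user": "mallory", "path": "/wp-admin/admin-ajax.php", "params": {"question_id": "17 <non-numeric suffix>"}, "secs": 0.19}
{"user": "dave", "path": "/wp-admin/admin-ajax.php", "params": {"question_id": "3"}, "secs": 4.80}
{"user": "erin", "path": "/index.php", "params": {"s": "quiz"}, "secs": 6.10}
"""
INTEGER_ID = re.compile(r"[0-9]{1,20}")  # used with fullmatch: ASCII digits only


def load(log_text):
    """Keep only admin-ajax.php requests that carry a question_id parameter."""
    rows = [json.loads(line) for line in log_text.splitlines() if line.strip()]
    return [r for r in rows if r["path"].endswith("/wp-admin/admin-ajax.php")
            and "question_id" in r.get("params", {})]


def is_integer_id(row):
    return INTEGER_ID.fullmatch(str(row["params"]["question_id"])) is not None


def review(log_text, factor=5.0, floor_secs=2.0):
    """Return (user, secs, reasons) for each request worth a closer look."""
    rows = load(log_text)
    # Baseline from well-formed requests only, so malformed ones cannot skew it.
    normal = [r["secs"] for r in rows if is_integer_id(r)]
    threshold = max(floor_secs, factor * median(normal)) if normal else floor_secs
    findings = []
    for r in rows:
        reasons = []
        if not is_integer_id(r):
            reasons.append("non_integer_question_id")
        if r["secs"] > threshold:
            reasons.append("slow_response")
        if reasons:
            findings.append((r["user"], r["secs"], reasons))
    return findings


if __name__ == "__main__":
    for finding in review(SAMPLE_LOG):
        print(finding)
```

A slow response with a well-formed 'question_id' (the "dave" record) is reported separately from a malformed value, since latency alone can also come from ordinary server load.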

If successfully exploited, the SQL injection vulnerability in Tutor LMS can lead to unauthorized access and retrieval of sensitive information from the database. This includes, but is not limited to, confidential user information, including personal data and potentially financial details depending on the installation's setup. The breach could result in data leakage, reputation damage, regulatory fines, and loss of customer trust. Additionally, exploiting such vulnerabilities can serve as a foothold for further attacks, allowing malicious entities to escalate privileges or inject additional commands to compromise the entire application or underlying infrastructure. Swift remedial action is essential to prevent these damaging outcomes.