The LearnDash LMS WordPress plugin before 2.5.4 does not have any authorisation and validation of the file to be uploaded in the learndash_assignment_process_init() function, which could allow unauthenticated users to upload arbitrary files to the web server
References
Link | Resource |
---|---|
https://lists.openwall.net/full-disclosure/2018/01/10/17 | Exploit Mailing List Third Party Advisory |
https://wpscan.com/vulnerability/9444f67b-8e3d-4cf0-b319-ed25e7db383a | Exploit Third Party Advisory |
Configurations
History
03 Nov 2021, 15:07
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : 5.0
v3 : 7.5 |
CPE | cpe:2.3:a:learndash:learndash:*:*:*:*:*:wordpress:*:* | |
CWE | CWE-434 CWE-862 |
|
References | (MISC) https://wpscan.com/vulnerability/9444f67b-8e3d-4cf0-b319-ed25e7db383a - Exploit, Third Party Advisory | |
References | (MISC) https://lists.openwall.net/full-disclosure/2018/01/10/17 - Exploit, Mailing List, Third Party Advisory |
01 Nov 2021, 09:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2021-11-01 09:15
Updated : 2024-02-04 22:08
NVD link : CVE-2018-25019
Mitre link : CVE-2018-25019
CVE.ORG link : CVE-2018-25019
JSON object : View
Products Affected
learndash
- learndash