LearnPress < 3.2.6.8 - Authenticated Time-Based Blind SQL Injection



Description
This could allow a low-privilege user to perform a time-based SQL injection attack and retrieve data from the database, such as hashed passwords.

Affects Plugin

Fixed in version 3.2.6.8

References

CVE 2020-6010
URL https://research.checkpoint.com/2020/e-learning-platforms-getting-schooled-multiple-vulnerabilities-in-wordpress-most-popular-learning-management-system-plugins/

Classification

Type SQLI
OWASP Top 10 A1: Injection
CWE CWE-89

Miscellaneous

Views 1084
Verified No
WPVDB ID 10208

Timeline

Publicly Published 2020-04-29 (27 days ago)
Added 2020-04-30 (25 days ago)
Last Updated 2020-05-02 (23 days ago)
