This is a summary of the AI-generated 10-question deep analysis. The full version (longer answers, follow-up Q&A, related CVEs) requires login. Read the full analysis β
Q1What is this vulnerability? (Essence + Consequences)
π¨ **Essence**: SQL Injection (SQLi) in Tutor LMS plugin. π₯ **Consequences**: Attackers can extract sensitive data from the database. The core issue is insufficient escaping of user input.
Q2Root Cause? (CWE/Flaw)
π‘οΈ **Root Cause**: CWE-89 (SQL Injection). π **Flaw**: The 'rating_filter' parameter lacks proper escaping and SQL query preparation. User-supplied data is not sanitized correctly before execution.
Q3Who is affected? (Versions/Components)
π¦ **Affected**: WordPress Plugin: **Tutor LMS**. π **Versions**: All versions **up to and including 2.7.6** (<= 2.7.6). Vendor: Themeum.
Q4What can hackers do? (Privileges/Data)
π΅οΈ **Hackers' Power**: Unauthenticated access. π **Data Risk**: Extract sensitive information from the database. They can append malicious SQL queries to existing ones.
Q5Is exploitation threshold high? (Auth/Config)
π **Threshold**: LOW. π« **Auth Required**: None (Unauthenticated). π **Access**: Network (AV:N). Simple to exploit without login credentials.
Q6Is there a public Exp? (PoC/Wild Exploitation)
π» **Public Exp?**: YES. π **PoC Available**: GitHub repos exist (e.g., k0ns0l/CVE-2024-10400). Nuclei templates are also available for scanning.
Q7How to self-check? (Features/Scanning)
π **Self-Check**: Scan for Tutor LMS plugin version <= 2.7.6. π§ͺ **Test**: Check if the 'rating_filter' parameter is vulnerable to SQL injection via automated scanners like Nuclei.
π§ **No Patch?**: Input validation is critical. π **Mitigation**: Restrict access to the 'rating_filter' endpoint if possible. Use WAF rules to block SQLi patterns in that parameter.
Q10Is it urgent? (Priority Suggestion)
β‘ **Urgency**: HIGH. π¨ **Priority**: Immediate patching required. CVSS Score indicates High Confidentiality impact. Unauthenticated exploitation makes it critical.