
Good Layers LMS Plugin <= 2.1.4 - SQL Injection CVE-2020-27481

Severity
CVSSv3 Score: 9.8

Vulnerability description

An unauthenticated SQL injection vulnerability exists in Good Layers LMS Plugin <= 2.1.4. The plugin exposes the function "gdlr_lms_cancel_booking" through a WordPress "wp_ajax_nopriv" call, which makes it reachable by any unauthenticated user, and the POST parameter "id" is passed straight into an SQL query without sanitization.

Recommendation

Upgrade to the latest version of the Good Layers LMS Plugin (2.1.5 or higher) to mitigate this vulnerability.

Codename: Not available
Detectable with: Network Scanner
Scan engine: Nuclei
Exploitable with Sniper: No
CVE Published: Nov 12, 2020
Detection added at:
Software Type: Not available
Vendor: Not available
Product: Not available