CVE-2021-24181

CVE-2021-24181: Tutor LMS < 1.7.7 - SQL Injection via tutor_mark_answer_as_correct

Vendor Unknown
Product Tutor LMS – eLearning and online course solution
Weakness CWE-89 · SQLi
Published April 5, 2021
Last update August 3, 2024

CVSS base score

What the vulnerability does

01Description

The tutor_mark_answer_as_correct AJAX action from the Tutor LMS – eLearning and online course solution WordPress plugin before 1.7.7 was vulnerable to blind and time based SQL injections that could be exploited by students.

Key dates

02Disclosure timeline

April 5, 2021 CVE published
August 3, 2024 Record updated