CVE-2021-24185

CVE-2021-24185: Tutor LMS < 1.7.7 - SQL Injection via tutor_place_rating

Vendor Unknown
Product Tutor LMS – eLearning and online course solution
Weakness CWE-89 · SQLi
Published April 5, 2021
Last update August 3, 2024

CVSS base score

What the vulnerability does

01Description

The tutor_place_rating AJAX action from the Tutor LMS – eLearning and online course solution WordPress plugin before 1.7.7 was vulnerable to blind and time based SQL injections that could be exploited by students.

Key dates

02Disclosure timeline

April 5, 2021 CVE published
August 3, 2024 Record updated