CVE-2021-24186

CVE-2021-24186: Tutor LMS < 1.8.3 - SQL Injection via tutor_answering_quiz_question/get_answer_by_id

Vendor Unknown
Product Tutor LMS – eLearning and online course solution
Weakness CWE-89 · SQLi
Published April 5, 2021
Last update August 3, 2024

CVSS base score

What the vulnerability does

01Description

The tutor_answering_quiz_question/get_answer_by_id function pair from the Tutor LMS – eLearning and online course solution WordPress plugin before 1.8.3 was vulnerable to UNION based SQL injection that could be exploited by students.

Key dates

02Disclosure timeline

April 5, 2021 CVE published
August 3, 2024 Record updated