CVE-2021-24242

CVE-2021-24242: Tutor LMS < 1.8.8 - Authenticated Local File Inclusion

Vendor Themeum
Product Tutor LMS – eLearning and online course solution
Weakness CWE-22 · Path traversal
Published April 22, 2021
Last update August 3, 2024

CVSS base score

What the vulnerability does

01Description

The Tutor LMS – eLearning and online course solution WordPress plugin before 1.8.8 is affected by a local file inclusion vulnerability through the maliciously constructed sub_page parameter of the plugin's Tools, allowing high privilege users to include any local php file

Key dates

02Disclosure timeline

April 22, 2021 CVE published
August 3, 2024 Record updated