What the vulnerability does
01Description
Unauthenticated Broken Access Control in Tutor LMS <= 3.9.7 versions.
CVSS base score
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
What the vulnerability does
Unauthenticated Broken Access Control in Tutor LMS <= 3.9.7 versions.
Explanation of Vulnerability in Simple Terms
Tutor LMS versions up to 3.9.7 lack proper authorization checks, allowing unauthenticated attackers to read and modify certain data without permission. The vulnerability requires no user interaction and can be exploited over the network. Site administrators should update to a version newer than 3.9.7 to prevent unauthorized access to sensitive information.
What an attacker can do
Read and modify data without logging in or having permission to do so.
Potential impact on your site
Unauthorized users can access and alter course data, student records, or other sensitive information stored in Tutor LMS.
Conditions required to exploit
Network access only; no authentication or user interaction required.
Key dates
External resources
Related vulnerabilities