An advisory was issued about a critical vulnerability in the popular Tutor LMS Pro WordPress plugin. The vulnerability, rated 8.8 on a scale of 1 to 10, allows an authenticated attacker to extract sensitive information from the WordPress database. The vulnerability affects all versions up to and including 3.7.0.
Tutor LMS Pro Vulnerability
The vulnerability results from improper handling of user-supplied data, enabling attackers to inject SQL code into a database query. The Wordfence advisory explains:
“The Tutor LMS Pro – eLearning and online course solution plugin for WordPress is vulnerable to time-based SQL Injection via the ‘order’ parameter used in the get_submitted_assignments() function in all versions up to, and including, 3.7.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. “
Time-Based SQL Injection
A time-based SQL injection attack is one in which an attacker determines whether a query is valid by measuring how long the database takes to respond. An attacker could use the vulnerable order parameter to insert SQL code that delays the database’s response. By timing these delays, the attacker can deduce information stored in the database.
Why This Vulnerability Is Dangerous
While exploitation requires authenticated access, a successful exploitation of the flaw could be used to access sensitive information. Updating to the latest version, 3.7.1 or higher is recommended.
Featured Image by Shutterstock/Ollyy