CVE-2018-25019

Published: Nov 1, 2021Modified: Nov 21, 2024

7.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

The LearnDash LMS WordPress plugin before 2.5.4 does not have any authorisation and validation of the file to be uploaded in the learndash_assignment_process_init() function, which could allow unauthenticated users to upload arbitrary files to the web server

Affected (1)

Products: Learndash: Learndash

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Learndash Learndash	Up to 2.5.4

Related CWEs

Unrestricted Upload of File with Dangerous Type

The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.

Missing Authorization

The product does not perform an authorization check when an actor attempts to access a resource or perform an action.

References (4)

https://lists.openwall.net/full-disclosure/2018/01/10/17

Source: contact@wpscan.com

ExploitMailing ListThird Party Advisory

https://wpscan.com/vulnerability/9444f67b-8e3d-4cf0-b319-ed25e7db383a

Source: contact@wpscan.com

ExploitThird Party Advisory

https://lists.openwall.net/full-disclosure/2018/01/10/17

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitMailing ListThird Party Advisory

https://wpscan.com/vulnerability/9444f67b-8e3d-4cf0-b319-ed25e7db383a

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

Timeline

No history available yet.