CVE-2020-27481
12.11.2020, 14:15
An unauthenticated SQL Injection vulnerability in Good Layers LMS Plugin <= 2.1.4 exists due to the usage of "wp_ajax_nopriv" call in WordPress, which allows any unauthenticated user to get access to the function "gdlr_lms_cancel_booking" where POST Parameter "id" was sent straight into SQL query without sanitization.
| Vendor | Product | Version |
|---|---|---|
| goodlayers | good_learning_management_system | 𝑥 ≤ 2.1.4 |
𝑥
= Vulnerable software versions