QwikSec

Security Database

CVE

CWE

Training

CVE-2018-25019

Published: Nov 1, 2021

Modified: Aug 5, 2024

PUBLISHED

Description

The LearnDash LMS WordPress plugin before 2.5.4 does not have any authorisation and validation of the file to be uploaded in the learndash_assignment_process_init() function, which could allow unauthenticated users to upload arbitrary files to the web server

Vendor	Product	Versions
Unknown	LearnDash LMS	affected `2.5.4 - < 2.5.4`

Weaknesses (CWE)

References

https://lists.openwall.net/full-disclosure/2018/01/10/17

x_refsource_MISC

https://wpscan.com/vulnerability/9444f67b-8e3d-4cf0-b319-ed25e7db383a

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.