CVE-2021-24242: Path Traversal
First published: Thu Apr 22 2021(Updated: )
The Tutor LMS – eLearning and online course solution WordPress plugin before 1.8.8 is affected by a local file inclusion vulnerability through the maliciously constructed sub_page parameter of the plugin's Tools, allowing high privilege users to include any local php file
Credit: contact@wpscan.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Themeum Tutor Lms | <1.8.8 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the vulnerability CVE-2021-24242?
The vulnerability CVE-2021-24242 is a local file inclusion vulnerability in the Tutor LMS plugin for WordPress.
How does the vulnerability CVE-2021-24242 impact the affected software?
The vulnerability CVE-2021-24242 allows high privilege users to include any local PHP file through the maliciously constructed sub_page parameter of the plugin's Tools.
What is the severity of the vulnerability CVE-2021-24242?
The severity of the vulnerability CVE-2021-24242 is medium, with a severity value of 3.8.
How can I fix the vulnerability CVE-2021-24242?
To fix the vulnerability CVE-2021-24242, you should update the Tutor LMS plugin to version 1.8.8 or later.
Where can I find more information about the vulnerability CVE-2021-24242?
You can find more information about the vulnerability CVE-2021-24242 at the following reference: [link](https://wpscan.com/vulnerability/20f3e63a-31d8-49a0-b4ef-209749feff5c)
- collector/nvd-index
- agent/references
- vendor/themeum
- canonical/themeum tutor lms