NA - CVE-2019-15896 - An issue was discovered in the LifterLMS plugin...

NA - CVE-2019-15896 - An issue was discovered in the LifterLMS plugin...

Executive Summary

Informations
Name
CVE-2019-15896
First vendor Publication
2019-09-10
Vendor
Cve
Last vendor Modification
2019-09-10

Security-Database Scoring CVSS v2


Cvss vector :
Cvss Base Score
Not Defined
Attack Range
Not Defined
Cvss Impact Score
Not Defined
Attack Complexity
Not Defined
Cvss Expoit Score
Not Defined
Authentication
Not Defined
Calculate full CVSS 2.0 Vectors scores

Detail




An issue was discovered in the LifterLMS plugin through 3.34.5 for WordPress. The upload_import function in the class.llms.admin.import.php script is prone to an unauthenticated options import vulnerability that could lead to privilege escalation (administrator account creation), website redirection, and stored XSS.




Original Source


Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15896

Sources (Detail)


Source
Url
MISC
https://wordpress.org/plugins/lifterlms/#developershttps://wpvulndb.com/vulnerabilities/9871

Alert History


If you want to see full details history, please login or register. Date
Informations
2019-09-10 21:19:52

  • First insertion




  • Support the originator by clicking the read the rest link below.