Add LearnPress SQLi module (CVE-2024-8522, CVE-2024-8529) #19482
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Hello Metasploit Team,
I am submitting a new auxiliary module that exploits two unauthenticated SQL injection vulnerabilities in the LearnPress WordPress LMS Plugin (version <= 4.2.7). These vulnerabilities allow attackers to perform blind SQL injection via the
c_only_fields
andc_fields
parameters.Summary of changes:
auxiliary/scanner/http/wp_learnpress_c_fields_sqli
c_only_fields
parameter.c_fields
parameter.c_only_fields
for CVE-2024-8522 andc_fields
for CVE-2024-8529) and includes options such as specifying the number of rows to retrieve (COUNT
).Usage and Verification:
The module has been tested using a Docker environment running WordPress with LearnPress 4.2.7 installed. The setup instructions and verification steps are outlined in the documentation file.
Let me know if you need any further changes or if there are any issues during the review.