Main Vulnerability Database Vulnerabilities #VU20940

Improper access control in LifterLMS - #VU20940

Published: September 9, 2019

Vulnerability identifier: #VU20940

CSH Severity: High

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/U:Amber

CVE-ID: N/A

CWE-ID: CWE-284

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: LifterLMS

Affected software:
LifterLMS

Detailed vulnerability description

The vulnerability allows a remote attacker to create an administrator account.

The vulnerability exists in the "get_author_id" function in the “includes/class.llms.generator.php” script due to the plugin will automatically create the corresponding administrator account if it cannot retrieve the user ID and email address of the author of the courses in the imported payload. A random administrator password is created by using the "wp_generate_password" function. A remote attacker can click on the login page “Lost your password” link and change the password.

Note: This vulnerability exists due to the CVE-2019-15896 issue described above.

Remediation

Install updates from vendor's website.

Sources

https://blog.nintechnet.com/critical-vulnerability-fixed-in-wordpress-lifterlms-plugin/

Improper access control in LifterLMS - #VU20940

Detailed vulnerability description

Remediation

Sources

Please verify you're human