#VU20938 Improper Privilege Management in LifterLMS


Published: 2019-09-09

Vulnerability identifier: #VU20938

Vulnerability risk: High

CVSSv3.1: 8.8 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C]

CVE-ID: CVE-2019-15896

CWE-ID: CWE-269

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
LifterLMS
Web applications / Modules and components for CMS

Vendor: LifterLMS

Description

The vulnerability allows a remote unauthenticated attacker to import options into the target system.

The vulnerability exists in the main "lifterlms.php" script because the plugin loads several scripts whenever the back-end is accessed, whether by an authenticated or an unauthenticated user. It relies solely on the "is_admin" function, which reports whether the request targets an administration page, not whether the user is logged in or holds administrative privileges. A remote attacker can import a malicious JSON-encoded payload.

Note: An attacker can leverage this vulnerability to perform several critical attacks.
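
The weak gate described above, next to a hardened import handler, as an added example: this is not LifterLMS code and not the vendor's patch. Every function, field, nonce and option name prefixed with "example_" is hypothetical; the WordPress calls are standard core functions.

```php
<?php
// Added illustration, not LifterLMS source. All "example_" names are hypothetical.

// Weak gate: is_admin() is true for any request to an admin URL, including
// admin-ajax.php and admin-post.php, even when nobody is logged in.
function example_import_weak() {
    if ( ! is_admin() || empty( $_FILES['example_import'] ) ) {
        return;
    }
    example_apply_import( $_FILES['example_import']['tmp_name'] ); // no authorization
}

// Hardened gate: capability check plus nonce before the upload is touched.
function example_import_hardened() {
    if ( empty( $_FILES['example_import'] ) ) {
        return;
    }
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'Insufficient permissions.', '', array( 'response' => 403 ) );
    }
    // Dies if the nonce field is missing or invalid (CSRF protection).
    check_admin_referer( 'example_import_action', 'example_import_nonce' );

    $file = $_FILES['example_import'];
    if ( UPLOAD_ERR_OK !== $file['error'] || ! is_uploaded_file( $file['tmp_name'] ) ) {
        wp_die( 'Upload failed.', '', array( 'response' => 400 ) );
    }
    example_apply_import( $file['tmp_name'] );
}
add_action( 'admin_init', 'example_import_hardened' );

// Apply only allowlisted, scalar settings from the decoded JSON.
function example_apply_import( $path ) {
    $data = json_decode( (string) file_get_contents( $path ), true );
    if ( ! is_array( $data ) ) {
        wp_die( 'Invalid import file.', '', array( 'response' => 400 ) );
    }
    $allowed = array( 'example_option_a', 'example_option_b' );
    foreach ( $allowed as $key ) {
        if ( isset( $data[ $key ] ) && is_scalar( $data[ $key ] ) ) {
            update_option( $key, sanitize_text_field( (string) $data[ $key ] ) );
        }
    }
}
```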

Mitigation
Install updates from vendor's website.

Vulnerable software versions

LifterLMS: 3.5.3 - 3.34.5


External links
http://blog.nintechnet.com/critical-vulnerability-fixed-in-wordpress-lifterlms-plugin/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, a proof of concept for this vulnerability is available.

