#VU20940 Improper access control in LifterLMS
Published: September 9, 2019
Vulnerability identifier: #VU20940
Vulnerability risk: High
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/U:Amber
CVE-ID: N/A
CWE-ID: CWE-284
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vulnerable software:
LifterLMS
LifterLMS
Software vendor:
LifterLMS
LifterLMS
Description
The vulnerability allows a remote attacker to create an administrator account.
The vulnerability exists in the "get_author_id" function in the “includes/class.llms.generator.php” script due to the plugin will automatically create the corresponding administrator account if it cannot retrieve the user ID and email address of the author of the courses in the imported payload. A random administrator password is created by using the "wp_generate_password" function. A remote attacker can click on the login page “Lost your password” link and change the password.
Note: This vulnerability exists due to the CVE-2019-15896 issue described above.
Remediation
Install updates from vendor's website.