CVE-2020-8615

{"id": "CVE-2020-8615", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 2.6, "accessVector": "NETWORK", "vectorString": "AV:N/AC:H/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "HIGH", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "LOW", "obtainAllPrivilege": false, "exploitabilityScore": 4.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 2.8}]}, "published": "2020-02-04T20:15:14.933", "references": [{"url": "http://packetstormsecurity.com/files/156585/WordPress-Tutor-LMS-1.5.3-Cross-Site-Request-Forgery.html", "tags": ["Exploit", "Third Party Advisory", "VDB Entry"], "source": "cve@mitre.org"}, {"url": "https://wpvulndb.com/vulnerabilities/10058", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://www.getastra.com/blog/911/plugin-exploit/cross-site-request-forgery-in-tutor-lms-plugin/", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://www.jinsonvarghese.com/cross-site-request-forgery-in-tutor-lms/", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://www.themeum.com/tutor-lms-updated-v1-5-3/", "tags": ["Release Notes", "Vendor Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-352"}]}], "descriptions": [{"lang": "en", "value": "A CSRF vulnerability in the Tutor LMS plugin before 1.5.3 for WordPress can result in an attacker approving themselves as an instructor and performing other malicious actions (such as blocking legitimate instructors)."}, {"lang": "es", "value": "Una vulnerabilidad de tipo CSRF en el plugin Tutor LMS versiones anteriores a 1.5.3 para WordPress, puede resultar en que un atacante se apruebe como instructor y lleve a cabo otras acciones maliciosas (tales como bloquear instructores leg\u00edtimos)."}], "lastModified": "2022-01-01T20:03:48.243", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:themeum:tutor_lms:*:*:*:*:*:wordpress:*:*", "vulnerable": true, "matchCriteriaId": "5D700DB6-8E7D-4B46-B69C-3DE36D7E81E2", "versionEndExcluding": "1.5.3"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}