{"id":4708,"date":"2024-09-11T21:25:12","date_gmt":"2024-09-11T21:25:12","guid":{"rendered":"http:\/\/127.0.0.1\/learnpress-wordpress-lms-plugin-4-2-7-inyeccion-de-sql-no-autenticada-a-traves-de-c_only_fields\/"},"modified":"2024-09-11T21:25:12","modified_gmt":"2024-09-11T21:25:12","slug":"learnpress-wordpress-lms-plugin-4-2-7-inyeccion-de-sql-no-autenticada-a-traves-de-c_only_fields","status":"publish","type":"post","link":"http:\/\/127.0.0.1\/learnpress-wordpress-lms-plugin-4-2-7-inyeccion-de-sql-no-autenticada-a-traves-de-c_only_fields\/","title":{"rendered":"LearnPress \u2013 WordPress LMS Plugin <= 4.2.7 – Unauthenticated SQL Injection via 'c_only_fields'"},"content":{"rendered":"
CVE-2024-8522 affects the LearnPress \u2013 WordPress LMS Plugin for WordPress, allowing unauthenticated attackers to perform SQL injection via the ‘c_only_fields’ parameter of the \/wp-json\/learnpress\/v1\/courses endpoint in all versions up to, and including, 4.2.7.<\/div>\n

<\/p>\n

Insufficient escaping of the user-supplied parameter and insufficient preparation of the existing SQL query make it possible for unauthenticated attackers to append additional SQL queries to existing queries, which can be used to extract sensitive information from the database.<\/div>\n
It is important to update the LearnPress \u2013 WordPress LMS Plugin to the latest available version to mitigate this security risk. In addition, users are advised to avoid exposing the \/wp-json\/learnpress\/v1\/courses endpoint to unauthenticated users and to exercise caution when interacting with query parameters in WordPress plugins and themes.<\/div>\n","protected":false},"excerpt":{"rendered":"

CVE-2024-8522 affects the LearnPress \u2013 WordPress LMS Plugin for WordPress, allowing unauthenticated attackers to perform SQL injection via the ‘c_only_fields’ parameter of the \/wp-json\/learnpress\/v1\/courses endpoint in all versions up to, and including, 4.2.7. Insufficient escaping of the user-supplied parameter and insufficient preparation […]<\/p>\n","protected":false},"author":0,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[2400],"class_list":["post-4708","post","type-post","status-publish","format-standard","hentry","category-uncategorized","tag-cve-2024-8522"],"yoast_head":"\nLearnPress \u2013 WordPress LMS Plugin <= 4.2.7 - Unauthenticated SQL Injection via 'c_only_fields' - SeguridadWordPress.es<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"http:\/\/127.0.0.1\/learnpress-wordpress-lms-plugin-4-2-7-inyeccion-de-sql-no-autenticada-a-traves-de-c_only_fields\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"LearnPress \u2013 WordPress LMS Plugin <= 4.2.7 - Unauthenticated SQL Injection via 'c_only_fields' - SeguridadWordPress.es\" \/>\n<meta property=\"og:description\" content=\"CVE-2024-8522 affects the LearnPress \u2013 WordPress LMS Plugin for WordPress, allowing unauthenticated attackers to perform SQL injection via the ‘c_only_fields’ parameter of the \/wp-json\/learnpress\/v1\/courses endpoint in all versions up to, and including, 4.2.7. 
Insufficient escaping of the user-supplied parameter and insufficient preparation […]\" \/>\n<meta property=\"og:url\" content=\"http:\/\/127.0.0.1\/learnpress-wordpress-lms-plugin-4-2-7-inyeccion-de-sql-no-autenticada-a-traves-de-c_only_fields\/\" \/>\n<meta property=\"og:site_name\" content=\"SeguridadWordPress.es\" \/>\n<meta property=\"article:published_time\" content=\"2024-09-11T21:25:12+00:00\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data1\" content=\"1 minute\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"http:\/\/127.0.0.1\/learnpress-wordpress-lms-plugin-4-2-7-inyeccion-de-sql-no-autenticada-a-traves-de-c_only_fields\/\",\"url\":\"http:\/\/127.0.0.1\/learnpress-wordpress-lms-plugin-4-2-7-inyeccion-de-sql-no-autenticada-a-traves-de-c_only_fields\/\",\"name\":\"LearnPress \u2013 WordPress LMS Plugin <= 4.2.7 - Unauthenticated SQL Injection via 'c_only_fields' - 
SeguridadWordPress.es\",\"isPartOf\":{\"@id\":\"http:\/\/127.0.0.1\/#website\"},\"datePublished\":\"2024-09-11T21:25:12+00:00\",\"dateModified\":\"2024-09-11T21:25:12+00:00\",\"author\":{\"@id\":\"\"},\"breadcrumb\":{\"@id\":\"http:\/\/127.0.0.1\/learnpress-wordpress-lms-plugin-4-2-7-inyeccion-de-sql-no-autenticada-a-traves-de-c_only_fields\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"http:\/\/127.0.0.1\/learnpress-wordpress-lms-plugin-4-2-7-inyeccion-de-sql-no-autenticada-a-traves-de-c_only_fields\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"http:\/\/127.0.0.1\/learnpress-wordpress-lms-plugin-4-2-7-inyeccion-de-sql-no-autenticada-a-traves-de-c_only_fields\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"http:\/\/127.0.0.1\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"LearnPress \u2013 WordPress LMS Plugin <= 4.2.7 – Unauthenticated SQL Injection via 'c_only_fields'\"}]},{\"@type\":\"WebSite\",\"@id\":\"http:\/\/127.0.0.1\/#website\",\"url\":\"http:\/\/127.0.0.1\/\",\"name\":\"SeguridadWordPress.es\",\"description\":\"Compilation of WordPress vulnerabilities.\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"http:\/\/127.0.0.1\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-US\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. 
-->","amp_enabled":true,"_links":{"self":[{"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/posts\/4708"}],"collection":[{"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/types\/post"}],"replies":[{"embeddable":true,"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/comments?post=4708"}],"version-history":[{"count":0,"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/posts\/4708\/revisions"}],"wp:attachment":[{"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/media?parent=4708"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/categories?post=4708"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/tags?post=4708"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}