{"id":4708,"date":"2024-09-11T21:25:12","date_gmt":"2024-09-11T21:25:12","guid":{"rendered":"http:\/\/127.0.0.1\/learnpress-wordpress-lms-plugin-4-2-7-inyeccion-de-sql-no-autenticada-a-traves-de-c_only_fields\/"},"modified":"2024-09-11T21:25:12","modified_gmt":"2024-09-11T21:25:12","slug":"learnpress-wordpress-lms-plugin-4-2-7-inyeccion-de-sql-no-autenticada-a-traves-de-c_only_fields","status":"publish","type":"post","link":"http:\/\/127.0.0.1\/learnpress-wordpress-lms-plugin-4-2-7-inyeccion-de-sql-no-autenticada-a-traves-de-c_only_fields\/","title":{"rendered":"LearnPress \u2013 WordPress LMS Plugin <= 4.2.7 – Unauthenticated SQL Injection via 'c_only_fields'"},"content":{"rendered":"
<\/p>\n
The CVE-2024-8522 vulnerability affects the LearnPress \u2013 WordPress LMS Plugin for WordPress, allowing unauthenticated attackers to perform SQL injection via the ‘c_only_fields’ parameter of the \/wp-json\/learnpress\/v1\/courses endpoint in all versions up to, and including, version 4.2.7. The lack of proper escaping on the user-supplied parameter and the preparation […]<\/p>\n","protected":false},"author":0,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[2400],"class_list":["post-4708","post","type-post","status-publish","format-standard","hentry","category-uncategorized","tag-cve-2024-8522"],"yoast_head":"\n