CVE-2024-10400

HIGH EXPLOITED NUCLEI

Tutor LMS < 2.7.6 - Unauthenticated SQL Injection via Rating Filter Parameter

Title source: llm

Exploitation Summary

CVE-2024-10400 has been observed exploited in the wild (reported by VulnCheck KEV). EIP tracks 2 public exploits from researchers including iSee857, k0ns0l. A Nuclei detection template is also available.

AI-analyzed exploit summary The repository contains a functional exploit PoC for CVE-2026-22812, targeting OpenCode for remote command execution (RCE). The script sends a crafted JSON payload to the '/session' endpoint to establish a session, then executes the 'id' command via the '/session/{id}/shell' endpoint, verifying RCE by checking for 'uid=' and 'gid=' in the response.

Description

The Tutor LMS plugin for WordPress is vulnerable to SQL Injection via the ‘rating_filter’ parameter in all versions up to, and including, 2.7.6 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.

Exploits (2)

github WORKING POC 40 stars

by iSee857 · pythonpoc

https://github.com/iSee857/CVE-PoC/tree/main/WordPress_CVE-2024-10400_sql_Injection.py

View Code ZIP pw:eip

The repository contains a functional exploit PoC for CVE-2026-22812, targeting OpenCode for remote command execution (RCE). The script sends a crafted JSON payload to the '/session' endpoint to establish a session, then executes the 'id' command via the '/session/{id}/shell' endpoint, verifying RCE by checking for 'uid=' and 'gid=' in the response.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: OpenCode (version not specified)

No auth needed

Prerequisites: Network access to the target · OpenCode service running and accessible

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1059 - Command and Scripting Interpreter T1203 - Exploitation for Client Execution

devstral-2 · analyzed Feb 27, 2026 Full analysis →

nomisec WORKING POC 4 stars

by k0ns0l · infoleak

https://github.com/k0ns0l/CVE-2024-10400

View Code ZIP pw:eip

This repository contains a functional Python script and a Nuclei template to exploit CVE-2024-10400, a SQL injection vulnerability in the Tutor LMS WordPress plugin (versions <= 2.7.6). The exploit uses a time-based blind SQL injection technique to confirm the vulnerability by measuring response delays.

Classification

Working Poc 95%

Attack Type

Sqli

Complexity

Moderate

Reliability

Reliable

Target: Tutor LMS WordPress plugin <= 2.7.6

Auth required

Prerequisites: Valid WordPress credentials · Tutor LMS plugin installed and active

MITRE ATT&CK

T1189 - Drive-by Compromise T1505 - Server Software Component

devstral-2 · analyzed Feb 18, 2026 Full analysis →

Nuclei Templates (1)

Tutor LMS <= 2.7.6 - SQL Injection

HIGHVERIFIEDby iamnoooob,rootxharsh,pdresearch

Shodan: html:"/wp-content/plugins/tutor/"

FOFA: body="/wp-content/plugins/tutor/"

References (2)

Core 2

Core References

Patch

https://plugins.trac.wordpress.org/changeset/3186319/tutor

Third Party Advisory

https://www.wordfence.com/threat-intel/vulnerabilities/id/bcf37d4e-e94a-4046-9949-c208e4e70197?source=cve

Scores

CVSS v3 7.5

EPSS 0.8259

EPSS Percentile 99.6%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable yes

Technical Impact partial

Details

VulnCheck KEV 2024-11-21

CWE

CWE-89

Status published

Products (2)

themeum/Tutor LMS – eLearning and online course solution < 2.7.6

themeum/tutor_lms < 2.7.6

Published Nov 21, 2024

Tracked Since Feb 18, 2026