CVE-2026-40766
StylemixThemes · MasterStudy LMS
A SQL injection vulnerability in MasterStudy LMS allows authenticated users with the Subscriber role to execute arbitrary SQL commands.
Executive summary
MasterStudy LMS is vulnerable to a high-severity (CVSS 8.5) SQL injection flaw that lets any authenticated user holding the Subscriber role, the lowest-privilege WordPress role and the default for self-registered accounts, read from and manipulate the underlying database.
Vulnerability
The plugin does not adequately validate or parameterize user-supplied request parameters before incorporating them into SQL queries. As a result, an authenticated user with only the Subscriber role can inject SQL and perform database operations that the role is not authorized for.
</gre_replace>
<gr_replace lines="9" cat="clarify" orig="The ability to perform SQL injection">
SQL injection against a WordPress site can expose everything in the shared database: user accounts and password hashes in the users table, student personally identifiable information (PII) and enrolment records stored by the LMS, and site configuration in the options table, and it can modify or destroy that data. Because the only prerequisite is a Subscriber account, which many sites hand out through open registration, the barrier to exploitation is low. The CVSS score of 8.5 reflects the high impact on confidentiality and integrity.
Business impact
The ability to perform SQL injection can lead to the exfiltration of personally identifiable information (PII) or the total compromise of site data. The CVSS score of 8.5 reflects the high impact on confidentiality and integrity that this vulnerability presents to the organization.
Remediation
Immediate Action: Update MasterStudy LMS to the patched version as soon as the vendor releases it, and apply the compensating controls below until the update is in place.
Proactive Monitoring: Review web-server access logs and database query logs for SQL fragments in request parameters (UNION SELECT, SLEEP()/BENCHMARK(), quote-and-tautology sequences, comment terminators) and for queries from the plugin with unexpected structure. Note that access logs record only GET query strings; injection in POST bodies is visible only in WAF or request-body logs.
Compensating Controls: Use a Web Application Firewall (WAF) to provide virtual patching by filtering SQL payloads. Treat this as a stopgap rather than a fix: WAF rules can be bypassed with encoding and comment obfuscation, and they do not remove the underlying flaw.
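The following is an added example of the log review recommended above; it is not code from the advisory or from the plugin vendor. It scans combined-format access log lines for structural SQL injection indicators in URL-decoded query parameters, so that ordinary search terms such as "sql basics" are not flagged. The endpoint path, action name and parameter names in the constructed sample lines are hypothetical placeholders, not the vulnerable endpoint of any product.

```python
"""Flag SQL-injection indicators in request parameters from access log lines."""
import re
import urllib.parse

# Constructed sample access-log lines (combined log format). The endpoint,
# action and parameter names are hypothetical placeholders, not real ones.
SAMPLE_LOG = """\
10.0.0.5 - - [01/Mar/2026:10:00:01 +0000] "GET /wp-admin/admin-ajax.php?action=example_lms_action&course_id=12 HTTP/1.1" 200 512 "-" "Mozilla/5.0"
10.0.0.7 - - [01/Mar/2026:10:00:02 +0000] "GET /wp-admin/admin-ajax.php?action=example_lms_action&course_id=12%20UNION%20SELECT%20user_login%2Cuser_pass%20FROM%20wp_users HTTP/1.1" 200 812 "-" "curl/8.0"
10.0.0.7 - - [01/Mar/2026:10:00:03 +0000] "GET /wp-admin/admin-ajax.php?action=example_lms_action&course_id=12%27%20AND%20SLEEP%285%29--%20- HTTP/1.1" 200 512 "-" "curl/8.0"
10.0.0.9 - - [01/Mar/2026:10:00:04 +0000] "GET /courses/?search=sql%20basics HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
"""

# Combined log format: ip ident user [ts] "METHOD target PROTO" status ...
LOG_LINE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)

# Indicators are structural SQL fragments rather than bare keywords, which
# keeps false positives low on normal search strings. Applied to decoded values.
INDICATORS = {
    "union_select": re.compile(
        r"\bunion\b(?:\s|/\*.*?\*/)+(?:all(?:\s|/\*.*?\*/)+)?select\b", re.I),
    "time_based": re.compile(r"\b(?:sleep|benchmark)\s*\(", re.I),
    "tautology": re.compile(r"['\"]\s*(?:or|and)\s+[\w'\"]+\s*=\s*[\w'\"]+", re.I),
    "stacked_query": re.compile(r";\s*(?:select|insert|update|delete|drop)\b", re.I),
    "comment_terminator": re.compile(r"--(?:\s|$)|/\*"),
    "schema_probe": re.compile(r"\binformation_schema\b", re.I),
}


def scan_log(text: str) -> list[dict]:
    """Return one finding per (request, parameter, indicator) match."""
    findings = []
    for line in text.splitlines():
        m = LOG_LINE.match(line)
        if not m:
            continue  # malformed or non-combined-format line
        query = m.group("target").partition("?")[2]
        # parse_qs percent-decodes once; a second unquote catches double-encoding.
        params = urllib.parse.parse_qs(query, keep_blank_values=True)
        for name, values in params.items():
            for value in values:
                decoded = urllib.parse.unquote(value)
                for label, pattern in INDICATORS.items():
                    if pattern.search(decoded):
                        findings.append({
                            "ip": m.group("ip"),
                            "ts": m.group("ts"),
                            "param": name,
                            "indicator": label,
                            "value": decoded,
                        })
    return findings


def summarize_by_ip(findings: list[dict]) -> dict[str, int]:
    """Count findings per source address to surface the noisiest clients."""
    counts: dict[str, int] = {}
    for f in findings:
        counts[f["ip"]] = counts.get(f["ip"], 0) + 1
    return counts


if __name__ == "__main__":
    hits = scan_log(SAMPLE_LOG)
    for h in hits:
        print(f'{h["ts"]} {h["ip"]} {h["param"]}={h["value"]!r} [{h["indicator"]}]')
    print(summarize_by_ip(hits))
```

Only GET requests are covered because standard access logs do not record request bodies; for admin-ajax.php and other POST-heavy endpoints, point the same indicator patterns at WAF logs or request-body logging. A hit is a lead for investigation, not proof of exploitation: correlate it with the account that made the request and with slow-query or error entries in the database log.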
Exploitation status
Public Exploit Available: false (no public exploit was known at the time of writing; an authenticated SQL injection is straightforward to weaponize once details are public, so do not rely on this status).
Analyst recommendation
Security teams should treat this SQL injection vulnerability as a high priority. Apply the plugin update as soon as it is available. Because the attack requires only a Subscriber account, until the patch is applied consider disabling open user registration (WordPress assigns the Subscriber role to self-registered users by default), reviewing recently created Subscriber accounts, and restricting access to the affected LMS functions to trusted roles.