| The MasterStudy LMS WordPress Plugin – for Online Courses and Education plugin for WordPress is vulnerable to union-based SQL Injection. The issue arises from the plugin's failure to properly escape the 'user' parameter, combined with an inadequate preparation of SQL queries. As a result, attackers can inject malicious SQL code into the query by manipulating the 'user' parameter. This signature detects SQL statements sent in HTTP requests. These are generally considered suspicious. |
