Vulnerabilities > Goodlayers

DATE	CVE	VULNERABILITY TITLE	RISK
2020-11-12	CVE-2020-27481	SQL Injection vulnerability in Goodlayers Good Learning Management System An unauthenticated SQL Injection vulnerability in Good Layers LMS Plugin <= 2.1.4 exists due to the usage of "wp_ajax_nopriv" call in WordPress, which allows any unauthenticated user to get access to the function "gdlr_lms_cancel_booking" where POST Parameter "id" was sent straight into SQL query without sanitization. network low complexity goodlayers CWE-89	7.5

Vulnerabilities > Goodlayers {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"Goodlayers"}]}