LearnPress <= 4.1.3.2 admin+ sql injection

There are some sql injection when admin trying to duplicate course/lesson/quiz/question.

image-20211105162421669

 

 

 

POC(id start with existing course/lesson/quiz/question id):

image-20211105163831975