header-logo
Suggest Exploit
vendor:
TUTOS
by:
SecurityFocus
8.8
CVSS
HIGH
Path Disclosure, Cross-Site Scripting, SQL Injection
79
CWE
Product Name: TUTOS
Affected Version From: 1
Affected Version To: 1.2
Patch Exists: YES
Related CWE: CVE-2002-1490
CPE: o:tutos:tutos_1.2
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: None
2002

Multiple vulnerabilities in TUTOS

TUTOS is vulnerable to path disclosure, cross-site scripting, and possibly SQL injection attacks. An attacker can exploit these vulnerabilities by crafting a malicious URL and sending it to a user of the application. For example, the following URL can be used to exploit the path disclosure vulnerability: http://www.example.com/php/note/note_overview.php?id=1&sort=1&order=1. This URL will reveal the full path of the application, which can be used to further exploit the application.

Mitigation:

Users should upgrade to the latest version of TUTOS.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/10129/info

Multiple vulnerabilities have been identified in various modules of TUTOS. These vulnerabilities may allow a remote attacker to carry out various attacks such as path disclosure, cross-site scripting, and possibly SQL injection.

http://www.example.com/php/note/note_overview.php?id=1

Navigation

Suggest Exploit

Services By CQR