Vendor: ATutor
By: Unknown
CVSS: 7.5 (HIGH)
CWE: Arbitrary PHP command execution, Local file include, Cross-site scripting
Product Name: ATutor
Affected Version From: 1.5.1-pl1
Affected Version To: 1.5.1-pl1
Patch Exists: YES
2006

Multiple vulnerabilities in ATutor

ATutor is prone to multiple vulnerabilities. These issues can allow remote attackers to execute arbitrary PHP commands and carry out local file include and cross-site scripting attacks.

Mitigation:

Update to version 1.5.1-pl2 or later.

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/15221/info

ATutor is prone to multiple vulnerabilities.

These issues can allow remote attackers to execute arbitrary PHP commands and carry out local file include and cross-site scripting attacks.

ATutor 1.5.1-pl1 and prior versions are affected. 

http://www.example.com/include/html/forum.inc.php?addslashes=[function]&asc=[parameter]
http://www.example.com/include/html/forum.inc.php?addslashes=[function]&desc=[parameter]