Adaptive Technology Resource Centre » Atutor : Security Vulnerabilities, CVEs, (Sql injection)

CVE-2007-0381

Multiple SQL injection vulnerabilities in ATutor 1.5.3.2 allow remote attackers to execute arbitrary SQL commands via unspecified parameters. NOTE: CVE analysis suggests that the vendor fixed these issues.
Max CVSS
7.5
EPSS Score
0.21%
Published
2007-01-19
Updated
2008-11-13

CVE-2006-3996

SQL injection vulnerability in links/index.php in ATutor 1.5.3.1 and earlier allows remote authenticated users to execute arbitrary SQL commands via the (1) desc or (2) asc parameters.
Max CVSS
6.5
EPSS Score
2.81%
Published
2006-08-05
Updated
2018-10-17

CVE-2006-3662

SQL injection vulnerability in index.php in ATutor 1.5.3 allows remote attackers to execute arbitrary SQL commands via the fid parameter. NOTE: this issue has been disputed by the vendor, who states "The mentioned SQL injection vulnerability is not possible." However, the relevant source code suggests that this issue may be legitimate, and the parameter is cleansed in 1.5.3.1
Max CVSS
7.5
EPSS Score
0.84%
Published
2006-07-18
Updated
2024-04-11

CVE-2005-2954

SQL injection vulnerability in password_reminder.php in ATutor before 1.5.1 pl1 allows remote attackers to execute arbitrary SQL commands via the email field.
Max CVSS
7.5
EPSS Score
1.45%
Published
2005-09-16
Updated
2017-07-11
4 vulnerabilities found
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!
Accept Close