Multiple PHP remote file inclusion vulnerabilities in ATutor 1.5.3.2 allow remote attackers to execute arbitrary PHP code via a URL in the (1) section parameter in (a) documentation/common/frame_toc.php and (b) documentation/common/search.php, the (2) req_lang parameter in documentation/common/search.php and (c) documentation/common/vitals.inc.php, the (3) row[dir_name] parameter in (d) include/classes/module/module.class.php, and the (4) lang_path parameter in (e) include/classes/phpmailer/class.phpmailer.php. NOTE: the print.php vector is already covered by CVE-2005-3404.
Max CVSS
7.5
EPSS Score
1.10%
Published
2006-11-06
Updated
2018-10-17
SQL injection vulnerability in links/index.php in ATutor 1.5.3.1 and earlier allows remote authenticated users to execute arbitrary SQL commands via the (1) desc or (2) asc parameters.
Max CVSS
6.5
EPSS Score
2.81%
Published
2006-08-05
Updated
2018-10-17
Multiple cross-site scripting (XSS) vulnerabilities in ATutor 1.5.3 allow remote attackers to inject arbitrary web script or HTML via the (1) lang parameter in (a) index_list.php and (2) year, (3) month, and (4) day parameter in (b) registration.php.
Max CVSS
4.3
EPSS Score
1.20%
Published
2006-07-25
Updated
2018-10-17
SQL injection vulnerability in index.php in ATutor 1.5.3 allows remote attackers to execute arbitrary SQL commands via the fid parameter. NOTE: this issue has been disputed by the vendor, who states "The mentioned SQL injection vulnerability is not possible." However, the relevant source code suggests that this issue may be legitimate, and the parameter is cleansed in 1.5.3.1
Max CVSS
7.5
EPSS Score
0.84%
Published
2006-07-18
Updated
2024-03-21
Multiple cross-site scripting (XSS) vulnerabilities in ATutor before 1.5.3 allow remote attackers to inject arbitrary web script or HTML via the (1) show_courses or (2) current_cat parameters to (a) admin/create_course.php, show_courses parameter to (b) users/create_course.php, (3) p parameter to (c) documentation/admin/, (4) forgot parameter to (d) password_reminder.php, (5) cat parameter to (e) users/browse.php, or the (6) submit parameter to admin/fix_content.php.
Max CVSS
2.6
EPSS Score
1.49%
Published
2006-07-10
Updated
2011-03-08
5 vulnerabilities found
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!