Vulnerabilities > CVE-2005-3404 - Input Validation vulnerability in ATutor
Attack vector | NETWORK |
Attack complexity | LOW |
Privileges required | NONE |
Confidentiality impact | PARTIAL |
Integrity impact | PARTIAL |
Availability impact | PARTIAL |
Summary
Multiple PHP file inclusion vulnerabilities in ATutor 1.4.1 through 1.5.1-pl1 allow remote attackers to include arbitrary files via the section parameter followed by a null byte (%00) in (1) body_header.inc.php and (2) print.php.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 5 |
Exploit-Db
description | ATutor 1.x body_header.inc.php section Parameter Local File Inclusion. CVE-2005-3404. Webapps exploit for php platform |
id | EDB-ID:26432 |
last seen | 2016-02-03 |
modified | 2005-10-27 |
published | 2005-10-27 |
reporter | Andreas Sandblad |
source | https://www.exploit-db.com/download/26432/ |
title | ATutor 1.x body_header.inc.php section Parameter Local File Inclusion |

description | ATutor 1.x print.php section Parameter Remote File Inclusion. CVE-2005-3404. Webapps exploit for php platform |
id | EDB-ID:26433 |
last seen | 2016-02-03 |
modified | 2005-10-27 |
published | 2005-10-27 |
reporter | Andreas Sandblad |
source | https://www.exploit-db.com/download/26433/ |
title | ATutor 1.x print.php section Parameter Remote File Inclusion |
Nessus
NASL family | CGI abuses |
NASL id | ATUTOR_MULTIPLE_FLAWS.NASL |
description | The remote host is running ATutor, an open source, web-based Learning Content Management System (LCMS) written in PHP. The version of ATutor installed on the remote host may be vulnerable to arbitrary command execution, arbitrary file access, and cross-site scripting attacks. Successful exploitation of the first two issues requires that PHP |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 20095 |
published | 2005-10-27 |
reporter | This script is Copyright (C) 2005-2018 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/20095 |
title | ATutor < 1.5.1-pl1 Multiple Remote Vulnerabilities (XSS, RFI, Command Exe) |
References
- http://marc.info/?l=bugtraq&m=113043022821049&w=2
- http://secunia.com/advisories/16915/
- http://secunia.com/secunia_research/2005-55/advisory/
- http://securityreason.com/securityalert/123
- http://securitytracker.com/id?1015165
- http://www.osvdb.org/20345
- http://www.osvdb.org/20346
- http://www.securityfocus.com/bid/15221
- http://www.vupen.com/english/advisories/2005/2228