Vulnerabilities > CVE-2005-4155 - Unspecified vulnerability in Adaptive Technology Resource Centre Atutor 1.5.1Pl2

047910
CVSS 7.5 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
PARTIAL
Availability impact
PARTIAL
network
low complexity
adaptive-technology-resource-centre
exploit available
NVD
Published: 2005-12-11
Updated: 2008-09-05

Summary

registration.PHP in ATutor 1.5.1 pl2 allows remote attackers to execute arbitrary SQL commands via an e-mail address that ends in a NULL character, which bypasses the PHP regular expression check. NOTE: it is possible that this is actually a bug in PHP code, in which case this should not be treated as a vulnerability in ATutor.

Vulnerable Configurations

Part Description Count
Application
Adaptive_Technology_Resource_Centre
1

Exploit-Db

descriptionATutor 1.5.1pl2 SQL Injection / Command Execution Exploit. CVE-2005-4155. Webapps exploit for php platform
idEDB-ID:1298
last seen2016-01-31
modified2005-11-07
published2005-11-07
reporterrgod
sourcehttps://www.exploit-db.com/download/1298/
titleATutor 1.5.1pl2 SQL Injection / Command Execution Exploit

References