Vulnerabilities > CVE-2014-9752 - Unspecified vulnerability in Atutor
Attack vector
NETWORK Attack complexity
LOW Privileges required
SINGLE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
PARTIAL Summary
Unrestricted file upload vulnerability in mods/_core/properties/lib/course.inc.php in ATutor before 2.2 patch 6 allows remote authenticated users to execute arbitrary PHP code by uploading a file with a PHP extension as a customicon for a new course, then accessing it via a direct request to the file in content/. <a href="http://cwe.mitre.org/data/definitions/434.html">CWE-434: Unrestricted Upload of File with Dangerous Type</a>
Vulnerable Configurations
Packetstorm
data source | https://packetstormsecurity.com/files/download/134215/KIS-2015-05.txt |
id | PACKETSTORM:134215 |
last seen | 2016-12-05 |
published | 2015-11-04 |
reporter | EgiX |
source | https://packetstormsecurity.com/files/134215/ATutor-2.2-File-Upload.html |
title | ATutor 2.2 File Upload |