Vulnerabilities > Adaptive Technology Resource Centre > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2007-01-19 | CVE-2007-0381 | SQL-Injection vulnerability in Adaptive Technology Resource Centre Atutor 1.5.3.2 Multiple SQL injection vulnerabilities in ATutor 1.5.3.2 allow remote attackers to execute arbitrary SQL commands via unspecified parameters. | 7.5 |
| 2006-11-06 | CVE-2006-5734 | Remote File Include vulnerability in Adaptive Technology Resource Centre Atutor 1.5.3.2 Multiple PHP remote file inclusion vulnerabilities in ATutor 1.5.3.2 allow remote attackers to execute arbitrary PHP code via a URL in the (1) section parameter in (a) documentation/common/frame_toc.php and (b) documentation/common/search.php, the (2) req_lang parameter in documentation/common/search.php and (c) documentation/common/vitals.inc.php, the (3) row[dir_name] parameter in (d) include/classes/module/module.class.php, and the (4) lang_path parameter in (e) include/classes/phpmailer/class.phpmailer.php. | 7.5 |
| 2005-12-11 | CVE-2005-4155 | Unspecified vulnerability in Adaptive Technology Resource Centre Atutor 1.5.1Pl2 registration.PHP in ATutor 1.5.1 pl2 allows remote attackers to execute arbitrary SQL commands via an e-mail address that ends in a NULL character, which bypasses the PHP regular expression check. | 7.5 |
| 2005-11-01 | CVE-2005-3405 | Input Validation vulnerability in ATutor ATutor 1.4.1 through 1.5.1-pl1 allows remote attackers to execute arbitrary PHP functions via a direct request to forum.inc.php with a modified addslashes parameter with either the (1) asc or (2) desc parameters set, possibly due to an eval injection vulnerability. | 7.5 |
| 2005-11-01 | CVE-2005-3404 | Input Validation vulnerability in ATutor Multiple PHP file inclusion vulnerabilities in ATutor 1.4.1 through 1.5.1-pl1 allow remote attackers to include arbitrary files via the section parameter followed by a null byte (%00) in (1) body_header.inc.php and (2) print.php. | 7.5 |
| 2005-09-16 | CVE-2005-2954 | SQL Injection vulnerability in Adaptive Technology Resource Centre Atutor 1.5.1 SQL injection vulnerability in password_reminder.php in ATutor before 1.5.1 pl1 allows remote attackers to execute arbitrary SQL commands via the email field. | 7.5 |