Vulnerabilities > Atutor
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-03-28 | CVE-2023-27008 | Cross-site Scripting vulnerability in Atutor 2.2.1 A Cross-site scripting (XSS) vulnerability in the function encrypt_password() in login.tmpl.php in ATutor 2.2.1 allows remote attackers to inject arbitrary web script or HTML via the token parameter. | 6.1 |
| 2022-04-08 | CVE-2021-43498 | Weak Password Recovery Mechanism for Forgotten Password vulnerability in Atutor 2.2.4 An Access Control vulnerability exists in ATutor 2.2.4 in password_reminder.php when the g, id, h, form_password_hidden, and form_change HTTP POST parameters are set. | 7.5 |
| 2021-08-17 | CVE-2020-23341 | Cross-site Scripting vulnerability in Atutor A reflected cross site scripting (XSS) vulnerability in the /header.tmpl.php component of ATutor 2.2.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload. | 6.1 |
| 2020-03-16 | CVE-2020-10557 | Unrestricted Upload of File with Dangerous Type vulnerability in Atutor Acontent An issue was discovered in AContent through 1.4. | 8.8 |
| 2020-03-02 | CVE-2015-1583 | Cross-Site Request Forgery (CSRF) vulnerability in Atutor 2.2 Multiple cross-site request forgery (CSRF) vulnerabilities in ATutor 2.2 allow remote attackers to hijack the authentication of administrators for requests that (1) create an administrator account via a request to mods/_core/users/admins/create.php or (2) create a user account via a request to mods/_core/users/create_user.php. | 8.8 |
| 2020-02-11 | CVE-2014-9753 | Improper Authentication vulnerability in Atutor confirm.php in ATutor 2.2 and earlier allows remote attackers to bypass authentication and gain access as an existing user via the auto_login parameter. | 9.8 |
| 2019-09-09 | CVE-2019-16114 | Incorrect Authorization vulnerability in Atutor In ATutor 2.2.4, an unauthenticated attacker can change the application settings and force it to use his crafted database, which allows him to gain access to the application. | 9.8 |
| 2019-06-03 | CVE-2019-12169 | Path Traversal vulnerability in Atutor 2.2.1/2.2.2/2.2.4 ATutor 2.2.4 allows Arbitrary File Upload and Directory Traversal, resulting in remote code execution via a ".." pathname in a ZIP archive to the mods/_core/languages/language_import.php (aka Import New Language) or mods/_standard/patcher/index_admin.php (aka Patcher) component. | 8.8 |
| 2019-05-17 | CVE-2019-12170 | Unrestricted Upload of File with Dangerous Type vulnerability in Atutor ATutor through 2.2.4 is vulnerable to arbitrary file uploads via the mods/_core/backups/upload.php (aka backup) component. | 8.8 |
| 2019-04-22 | CVE-2019-11446 | Unrestricted Upload of File with Dangerous Type vulnerability in Atutor An issue was discovered in ATutor through 2.2.4. | 8.8 |