Vulnerabilities > Atutor

DATE CVE VULNERABILITY TITLE RISK
2020-03-16 CVE-2020-10557 Unrestricted Upload of File With Dangerous Type vulnerability in Atutor Acontent
An issue was discovered in AContent through 1.4.
network
low complexity
atutor CWE-434
6.5
2020-03-02 CVE-2015-1583 Cross-Site Request Forgery (CSRF) vulnerability in Atutor 2.2
Multiple cross-site request forgery (CSRF) vulnerabilities in ATutor 2.2 allow remote attackers to hijack the authentication of administrators for requests that (1) create an administrator account via a request to mods/_core/users/admins/create.php or (2) create a user account via a request to mods/_core/users/create_user.php.
network
atutor CWE-352
6.8
2020-02-11 CVE-2014-9753 Improper Authentication vulnerability in Atutor
confirm.php in ATutor 2.2 and earlier allows remote attackers to bypass authentication and gain access as an existing user via the auto_login parameter.
network
low complexity
atutor CWE-287
7.5
2019-09-09 CVE-2019-16114 Incorrect Authorization vulnerability in Atutor
In ATutor 2.2.4, an unauthenticated attacker can change the application settings and force it to use his crafted database, which allows him to gain access to the application.
network
low complexity
atutor CWE-863
7.5
2019-06-03 CVE-2019-12169 Unrestricted Upload of File With Dangerous Type vulnerability in Atutor 2.2.1/2.2.2/2.2.4
ATutor 2.2.4 allows Arbitrary File Upload and Directory Traversal, resulting in remote code execution via a ".." pathname in a ZIP archive to the mods/_core/languages/language_import.php (aka Import New Language) or mods/_standard/patcher/index_admin.php (aka Patcher) component.
network
atutor CWE-434
6.8
2019-05-17 CVE-2019-12170 Unrestricted Upload of File With Dangerous Type vulnerability in Atutor
ATutor through 2.2.4 is vulnerable to arbitrary file uploads via the mods/_core/backups/upload.php (aka backup) component.
network
low complexity
atutor CWE-434
critical
9.0
2019-04-22 CVE-2019-11446 Unrestricted Upload of File With Dangerous Type vulnerability in Atutor
An issue was discovered in ATutor through 2.2.4.
network
low complexity
atutor CWE-434
6.5
2019-01-29 CVE-2019-7172 Cross-Site Scripting vulnerability in Atutor
A stored-self XSS exists in ATutor through v2.2.4, allowing an attacker to execute HTML or JavaScript code in a vulnerable Real Name field to /mods/_core/users/admins/my_edit.php.
network
atutor CWE-79
4.3
2017-10-10 CVE-2015-6521 Cross-Site Scripting vulnerability in Atutor 2.2
Multiple cross-site scripting (XSS) vulnerabilities in ATutor LMS version 2.2.
network
atutor CWE-79
3.5
2017-10-03 CVE-2017-14981 Cross-Site Scripting vulnerability in Atutor
Cross-Site Scripting (XSS) was discovered in ATutor before 2.2.3.
network
atutor CWE-79
3.5