Vulnerabilities > Atutor > Atutor > 0.9.7

DATE CVE VULNERABILITY TITLE RISK
2021-08-17 CVE-2020-23341 Cross-site Scripting vulnerability in Atutor
A reflected cross site scripting (XSS) vulnerability in the /header.tmpl.php component of ATutor 2.2.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload.
network
low complexity
atutor CWE-79
6.1
6.1
2020-02-11 CVE-2014-9753 Improper Authentication vulnerability in Atutor
confirm.php in ATutor 2.2 and earlier allows remote attackers to bypass authentication and gain access as an existing user via the auto_login parameter.
network
low complexity
atutor CWE-287
critical
 9.8
9.8
2019-09-09 CVE-2019-16114 Incorrect Authorization vulnerability in Atutor
In ATutor 2.2.4, an unauthenticated attacker can change the application settings and force it to use his crafted database, which allows him to gain access to the application.
network
low complexity
atutor CWE-863
critical
 9.8
9.8
2019-05-17 CVE-2019-12170 Unrestricted Upload of File with Dangerous Type vulnerability in Atutor
ATutor through 2.2.4 is vulnerable to arbitrary file uploads via the mods/_core/backups/upload.php (aka backup) component.
network
low complexity
atutor CWE-434
8.8
8.8
2019-04-22 CVE-2019-11446 Unrestricted Upload of File with Dangerous Type vulnerability in Atutor
An issue was discovered in ATutor through 2.2.4.
network
low complexity
atutor CWE-434
8.8
8.8
2019-01-29 CVE-2019-7172 Cross-site Scripting vulnerability in Atutor
A stored-self XSS exists in ATutor through v2.2.4, allowing an attacker to execute HTML or JavaScript code in a vulnerable Real Name field to /mods/_core/users/admins/my_edit.php.
network
low complexity
atutor CWE-79
6.1
6.1
2017-10-03 CVE-2017-14981 Cross-site Scripting vulnerability in Atutor
Cross-Site Scripting (XSS) was discovered in ATutor before 2.2.3.
network
low complexity
atutor CWE-79
5.4
5.4
2017-08-31 CVE-2015-7711 Cross-site Scripting vulnerability in Atutor
Cross-site scripting (XSS) vulnerability in popuphelp.php in ATutor 2.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the h parameter.
network
low complexity
atutor CWE-79
6.1
6.1
2017-07-22 CVE-2016-10400 Path Traversal vulnerability in Atutor
Directory Traversal exists in ATutor before 2.2.2 via the icon parameter to /mods/_core/courses/users/create_course.php.
network
low complexity
atutor CWE-22
7.5
7.5
2017-07-17 CVE-2017-1000004 SQL Injection vulnerability in Atutor
ATutor version 2.2.1 and earlier are vulnerable to a SQL injection in the Assignment Dropbox, BasicLTI, Blog Post, Blog, Group Course Email, Course Alumni, Course Enrolment, Group Membership, Course unenrolment, Course Enrolment List Search, Glossary, Social Group Member Search, Social Friend Search, Social Group Search, File Comment, Gradebook Test Title, User Group Membership, Inbox/Sent Items, Sent Messages, Links, Photo Album, Poll, Social Application, Social Profile, Test, Content Menu, Auto-Login, and Gradebook components resulting in information disclosure, database modification, or potential code execution.
network
low complexity
atutor CWE-89
critical
 9.8
9.8