Vulnerabilities > Atutor > Atutor > 2.0.3
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2017-07-17 | CVE-2017-1000003 | Improper Privilege Management vulnerability in Atutor ATutor versions 2.2.1 and earlier are vulnerable to an incorrect access control check vulnerability in the Social Application component resulting in privilege escalation. | 7.5 |
2017-07-17 | CVE-2017-1000002 | Path Traversal vulnerability in Atutor ATutor versions 2.2.1 and earlier are vulnerable to a directory traversal and file extension check bypass in the Course component resulting in code execution. | 7.5 |
2017-03-05 | CVE-2017-6483 | Cross-site Scripting vulnerability in Atutor Multiple Cross-Site Scripting (XSS) issues were discovered in ATutor 2.2.2. | 4.3 |
2017-02-07 | CVE-2016-2539 | Cross-Site Request Forgery (CSRF) vulnerability in Atutor Cross-site request forgery (CSRF) vulnerability in install_modules.php in ATutor before 2.2.2 allows remote attackers to hijack the authentication of users for requests that upload arbitrary files and execute arbitrary PHP code via vectors involving a crafted zip file. | 6.8 |
2015-11-16 | CVE-2015-7712 | Unspecified vulnerability in Atutor Multiple eval injection vulnerabilities in mods/_standard/gradebook/edit_marks.php in ATutor 2.2 and earlier allow remote authenticated users with the AT_PRIV_GRADEBOOK privilege to execute arbitrary PHP code via the (1) asc or (2) desc parameter. | 6.5 |
2015-11-16 | CVE-2014-9752 | Unspecified vulnerability in Atutor Unrestricted file upload vulnerability in mods/_core/properties/lib/course.inc.php in ATutor before 2.2 patch 6 allows remote authenticated users to execute arbitrary PHP code by uploading a file with a PHP extension as a customicon for a new course, then accessing it via a direct request to the file in content/. | 6.5 |
2013-01-31 | CVE-2012-6528 | Cross-Site Scripting vulnerability in Atutor Multiple cross-site scripting (XSS) vulnerabilities in ATutor before 2.1 allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to (1) themes/default/tile_search/index.tmpl.php, (2) login.php, (3) search.php, (4) password_reminder.php, (5) login.php/jscripts/infusion, (6) login.php/mods/_standard/flowplayer, (7) browse.php/jscripts/infusion/framework/fss, (8) registration.php/themes/default/ie_styles.css, (9) about.php, or (10) themes/default/social/basic_profile.tmpl.php. | 4.3 |