Vulnerabilities > Atutor > Atutor > 2.1.1
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2017-07-17 | CVE-2017-1000003 | Improper Privilege Management vulnerability in Atutor ATutor versions 2.2.1 and earlier are vulnerable to an incorrect access control check vulnerability in the Social Application component resulting in privilege escalation. | 7.5 |
2017-07-17 | CVE-2017-1000002 | Path Traversal vulnerability in Atutor ATutor versions 2.2.1 and earlier are vulnerable to a directory traversal and file extension check bypass in the Course component resulting in code execution. | 7.5 |
2017-03-05 | CVE-2017-6483 | Cross-site Scripting vulnerability in Atutor Multiple Cross-Site Scripting (XSS) issues were discovered in ATutor 2.2.2. | 4.3 |
2017-02-07 | CVE-2016-2539 | Cross-Site Request Forgery (CSRF) vulnerability in Atutor Cross-site request forgery (CSRF) vulnerability in install_modules.php in ATutor before 2.2.2 allows remote attackers to hijack the authentication of users for requests that upload arbitrary files and execute arbitrary PHP code via vectors involving a crafted zip file. | 6.8 |
2015-11-16 | CVE-2015-7712 | Unspecified vulnerability in Atutor Multiple eval injection vulnerabilities in mods/_standard/gradebook/edit_marks.php in ATutor 2.2 and earlier allow remote authenticated users with the AT_PRIV_GRADEBOOK privilege to execute arbitrary PHP code via the (1) asc or (2) desc parameter. | 6.5 |
2015-11-16 | CVE-2014-9752 | Unspecified vulnerability in Atutor Unrestricted file upload vulnerability in mods/_core/properties/lib/course.inc.php in ATutor before 2.2 patch 6 allows remote authenticated users to execute arbitrary PHP code by uploading a file with a PHP extension as a customicon for a new course, then accessing it via a direct request to the file in content/. | 6.5 |
2014-03-02 | CVE-2014-2091 | Cross-Site Scripting vulnerability in Atutor 2.1.1 Cross-site scripting (XSS) vulnerability in mods/_standard/forums/admin/forum_add.php in ATutor 2.1.1 allows remote authenticated administrators to inject arbitrary web script or HTML via the title parameter in an add_forum action. | 3.5 |