Vulnerabilities > Atutor > Atutor > 2.2.1
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-07-17 | CVE-2017-1000002 | Path Traversal vulnerability in Atutor ATutor versions 2.2.1 and earlier are vulnerable to a directory traversal and file extension check bypass in the Course component resulting in code execution. | 7.5 |
| 2017-04-13 | CVE-2016-2555 | SQL Injection vulnerability in Atutor 2.2.1 SQL injection vulnerability in include/lib/mysql_connect.inc.php in ATutor 2.2.1 allows remote attackers to execute arbitrary SQL commands via the searchFriends function to friends.inc.php. | 9.8 |
| 2017-03-05 | CVE-2017-6483 | Cross-site Scripting vulnerability in Atutor Multiple Cross-Site Scripting (XSS) issues were discovered in ATutor 2.2.2. | 4.3 |
| 2017-02-07 | CVE-2016-2539 | Cross-Site Request Forgery (CSRF) vulnerability in Atutor Cross-site request forgery (CSRF) vulnerability in install_modules.php in ATutor before 2.2.2 allows remote attackers to hijack the authentication of users for requests that upload arbitrary files and execute arbitrary PHP code via vectors involving a crafted zip file. | 6.8 |