Vulnerabilities > Atutor > Atutor

DATE CVE VULNERABILITY TITLE RISK
2017-10-03 CVE-2017-14981 Cross-site Scripting vulnerability in Atutor
Cross-Site Scripting (XSS) was discovered in ATutor before 2.2.3.
network
atutor CWE-79
3.5
3.5
2017-08-31 CVE-2015-7711 Cross-site Scripting vulnerability in Atutor
Cross-site scripting (XSS) vulnerability in popuphelp.php in ATutor 2.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the h parameter.
network
atutor CWE-79
4.3
4.3
2017-07-22 CVE-2016-10400 Path Traversal vulnerability in Atutor
Directory Traversal exists in ATutor before 2.2.2 via the icon parameter to /mods/_core/courses/users/create_course.php.
network
low complexity
atutor CWE-22
5.0
5.0
2017-07-17 CVE-2017-1000004 SQL Injection vulnerability in Atutor
ATutor version 2.2.1 and earlier are vulnerable to a SQL injection in the Assignment Dropbox, BasicLTI, Blog Post, Blog, Group Course Email, Course Alumni, Course Enrolment, Group Membership, Course unenrolment, Course Enrolment List Search, Glossary, Social Group Member Search, Social Friend Search, Social Group Search, File Comment, Gradebook Test Title, User Group Membership, Inbox/Sent Items, Sent Messages, Links, Photo Album, Poll, Social Application, Social Profile, Test, Content Menu, Auto-Login, and Gradebook components resulting in information disclosure, database modification, or potential code execution.
network
low complexity
atutor CWE-89
7.5
7.5
2017-07-17 CVE-2017-1000003 Improper Privilege Management vulnerability in Atutor
ATutor versions 2.2.1 and earlier are vulnerable to an incorrect access control check vulnerability in the Social Application component resulting in privilege escalation.
network
low complexity
atutor CWE-269
7.5
7.5
2017-07-17 CVE-2017-1000002 Path Traversal vulnerability in Atutor
ATutor versions 2.2.1 and earlier are vulnerable to a directory traversal and file extension check bypass in the Course component resulting in code execution.
network
low complexity
atutor CWE-22
7.5
7.5
2017-04-13 CVE-2016-2555 SQL Injection vulnerability in Atutor 2.2.1
SQL injection vulnerability in include/lib/mysql_connect.inc.php in ATutor 2.2.1 allows remote attackers to execute arbitrary SQL commands via the searchFriends function to friends.inc.php.
network
low complexity
atutor CWE-89
critical
 9.8
9.8
2017-03-05 CVE-2017-6483 Cross-site Scripting vulnerability in Atutor
Multiple Cross-Site Scripting (XSS) issues were discovered in ATutor 2.2.2.
network
atutor CWE-79
4.3
4.3
2017-02-07 CVE-2016-2539 Cross-Site Request Forgery (CSRF) vulnerability in Atutor
Cross-site request forgery (CSRF) vulnerability in install_modules.php in ATutor before 2.2.2 allows remote attackers to hijack the authentication of users for requests that upload arbitrary files and execute arbitrary PHP code via vectors involving a crafted zip file.
network
atutor CWE-352
6.8
6.8
2015-11-16 CVE-2015-7712 Unspecified vulnerability in Atutor
Multiple eval injection vulnerabilities in mods/_standard/gradebook/edit_marks.php in ATutor 2.2 and earlier allow remote authenticated users with the AT_PRIV_GRADEBOOK privilege to execute arbitrary PHP code via the (1) asc or (2) desc parameter.
network
low complexity
atutor
6.5
6.5