Vulnerabilities > Atutor
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2015-11-16 | CVE-2015-7712 | Unspecified vulnerability in Atutor: Multiple eval injection vulnerabilities in mods/_standard/gradebook/edit_marks.php in ATutor 2.2 and earlier allow remote authenticated users with the AT_PRIV_GRADEBOOK privilege to execute arbitrary PHP code via the (1) asc or (2) desc parameter. | 6.5 |
2015-11-16 | CVE-2014-9752 | Unspecified vulnerability in Atutor: Unrestricted file upload vulnerability in mods/_core/properties/lib/course.inc.php in ATutor before 2.2 patch 6 allows remote authenticated users to execute arbitrary PHP code by uploading a file with a PHP extension as a customicon for a new course, then accessing it via a direct request to the file in content/. | 6.5 |
2014-03-02 | CVE-2014-2091 | Cross-Site Scripting vulnerability in Atutor 2.1.1: Cross-site scripting (XSS) vulnerability in mods/_standard/forums/admin/forum_add.php in ATutor 2.1.1 allows remote authenticated administrators to inject arbitrary web script or HTML via the title parameter in an add_forum action. | 3.5 |
2013-01-31 | CVE-2012-6528 | Cross-Site Scripting vulnerability in Atutor: Multiple cross-site scripting (XSS) vulnerabilities in ATutor before 2.1 allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to (1) themes/default/tile_search/index.tmpl.php, (2) login.php, (3) search.php, (4) password_reminder.php, (5) login.php/jscripts/infusion, (6) login.php/mods/_standard/flowplayer, (7) browse.php/jscripts/infusion/framework/fss, (8) registration.php/themes/default/ie_styles.css, (9) about.php, or (10) themes/default/social/basic_profile.tmpl.php. | 4.3 |
2012-10-22 | CVE-2012-5454 | Permissions, Privileges, and Access Controls vulnerability in Atutor Acontent 1.2: user/index_inline_editor_submit.php in ATutor AContent 1.2-1 does not properly restrict access, which allows remote authenticated users to modify arbitrary user passwords via a crafted request. | 6.5 |
2012-10-22 | CVE-2012-5453 | SQL Injection vulnerability in Atutor Acontent 1.2: SQL injection vulnerability in user/index_inline_editor_submit.php in ATutor AContent 1.2-1 allows remote authenticated users to execute arbitrary SQL commands via the field parameter. | 6.5 |
2012-10-22 | CVE-2012-5169 | Cross-Site Scripting vulnerability in Atutor Acontent 1.2: Multiple cross-site scripting (XSS) vulnerabilities in file_manager/preview_top.php in ATutor AContent before 1.2-2 allow remote attackers to inject arbitrary web script or HTML via the (1) pathext, (2) popup, (3) framed, or (4) file parameter. | 4.3 |
2012-10-22 | CVE-2012-5168 | Permissions, Privileges, and Access Controls vulnerability in Atutor Acontent 1.0/1.1/1.2: ATutor AContent before 1.2-1 allows remote attackers to modify arbitrary user passwords or category names via a direct request to (1) user/index_inline_editor_submit.php or (2) course_category/index_inline_editor_submit.php. | 7.5 |
2012-10-22 | CVE-2012-5167 | SQL Injection vulnerability in Atutor Acontent 1.0/1.1/1.2: Multiple SQL injection vulnerabilities in ATutor AContent before 1.2-1 allow remote attackers to execute arbitrary SQL commands via the (1) field parameter to course_category/index_inline_editor_submit.php or (2) user/index_inline_editor_submit.php; or (3) id parameter to user/user_password.php. | 7.5 |
2011-09-23 | CVE-2011-3706 | Information Exposure vulnerability in Atutor 2.0: ATutor 2.0 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by users/tool_settings.inc.php and certain other files. | 5.0 |