Vulnerabilities > Atutor > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-04-08 | CVE-2021-43498 | Weak Password Recovery Mechanism for Forgotten Password vulnerability in Atutor 2.2.4 An Access Control vulnerability exists in ATutor 2.2.4 in password_reminder.php when the g, id, h, form_password_hidden, and form_change HTTP POST parameters are set. | 7.5 |
| 2020-03-16 | CVE-2020-10557 | Unrestricted Upload of File with Dangerous Type vulnerability in Atutor Acontent An issue was discovered in AContent through 1.4. | 8.8 |
| 2020-03-02 | CVE-2015-1583 | Cross-Site Request Forgery (CSRF) vulnerability in Atutor 2.2 Multiple cross-site request forgery (CSRF) vulnerabilities in ATutor 2.2 allow remote attackers to hijack the authentication of administrators for requests that (1) create an administrator account via a request to mods/_core/users/admins/create.php or (2) create a user account via a request to mods/_core/users/create_user.php. | 8.8 |
| 2019-06-03 | CVE-2019-12169 | Path Traversal vulnerability in Atutor 2.2.1/2.2.2/2.2.4 ATutor 2.2.4 allows Arbitrary File Upload and Directory Traversal, resulting in remote code execution via a ".." pathname in a ZIP archive to the mods/_core/languages/language_import.php (aka Import New Language) or mods/_standard/patcher/index_admin.php (aka Patcher) component. | 8.8 |
| 2019-05-17 | CVE-2019-12170 | Unrestricted Upload of File with Dangerous Type vulnerability in Atutor ATutor through 2.2.4 is vulnerable to arbitrary file uploads via the mods/_core/backups/upload.php (aka backup) component. | 8.8 |
| 2019-04-22 | CVE-2019-11446 | Unrestricted Upload of File with Dangerous Type vulnerability in Atutor An issue was discovered in ATutor through 2.2.4. | 8.8 |
| 2017-07-22 | CVE-2016-10400 | Path Traversal vulnerability in Atutor Directory Traversal exists in ATutor before 2.2.2 via the icon parameter to /mods/_core/courses/users/create_course.php. | 7.5 |
| 2017-02-07 | CVE-2016-2539 | Cross-Site Request Forgery (CSRF) vulnerability in Atutor Cross-site request forgery (CSRF) vulnerability in install_modules.php in ATutor before 2.2.2 allows remote attackers to hijack the authentication of users for requests that upload arbitrary files and execute arbitrary PHP code via vectors involving a crafted zip file. | 8.8 |