Vulnerabilities > Tutos

DATE CVE VULNERABILITY TITLE RISK
2008-01-09 CVE-2008-0149 Unspecified vulnerability in Tutos 1.3
TUTOS 1.3 allows remote attackers to read system information via a direct request to php/admin/phpinfo.php, which calls the phpinfo function.
network
low complexity
tutos
5.0
2008-01-09 CVE-2008-0148 Permissions, Privileges, and Access Controls vulnerability in Tutos 1.3
TUTOS 1.3 does not restrict access to php/admin/cmd.php, which allows remote attackers to execute arbitrary shell commands via the cmd parameter in a direct request.
network
low complexity
tutos CWE-264
critical
10.0
2004-12-31 CVE-2004-2162 Remote Input Validation vulnerability in Tutos 1.120040414
Multiple cross-site scripting (XSS) vulnerabilities in TUTOS 1.1 allow remote attackers to inject arbitrary web script or HTML via (1) the search field of the Address Module or (2) the t parameter to app_new.php.
network
tutos
4.3
2004-12-31 CVE-2004-2161 Remote Input Validation vulnerability in Tutos 1.120040414
SQL injection vulnerability in file_overview.php in TUTOS 1.1 allows remote attackers to execute arbitrary SQL commands via the link_id parameter.
network
low complexity
tutos
7.5