Vulnerabilities > Tutos > Tutos > 1.3

DATE CVE VULNERABILITY TITLE RISK
2008-01-09 CVE-2008-0149 Unspecified vulnerability in Tutos 1.3
TUTOS 1.3 allows remote attackers to read system information via a direct request to php/admin/phpinfo.php, which calls the phpinfo function.
network
low complexity
tutos
5.0
5.0
2008-01-09 CVE-2008-0148 Permissions, Privileges, and Access Controls vulnerability in Tutos 1.3
TUTOS 1.3 does not restrict access to php/admin/cmd.php, which allows remote attackers to execute arbitrary shell commands via the cmd parameter in a direct request.
network
low complexity
tutos CWE-264
critical
 10.0
10