Adaptive Technology Resource Centre

Atutor

14 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
7.5

CVE-2007-0381

  • EPSS 0.48%
  • Published 19.01.2007 23:28:00
  • Last modified 09.04.2025 00:30:58

Multiple SQL injection vulnerabilities in ATutor 1.5.3.2 allow remote attackers to execute arbitrary SQL commands via unspecified parameters. NOTE: CVE analysis suggests that the vendor fixed these issues.

7.5

CVE-2006-5734

  • EPSS 0.71%
  • Published 06.11.2006 18:07:00
  • Last modified 09.04.2025 00:30:58

Multiple PHP remote file inclusion vulnerabilities in ATutor 1.5.3.2 allow remote attackers to execute arbitrary PHP code via a URL in the (1) section parameter in (a) documentation/common/frame_toc.php and (b) documentation/common/search.php, the (2...

6.5

CVE-2006-3996

Exploit
  • EPSS 4.63%
  • Published 05.08.2006 00:04:00
  • Last modified 03.04.2025 01:03:51

SQL injection vulnerability in links/index.php in ATutor 1.5.3.1 and earlier allows remote authenticated users to execute arbitrary SQL commands via the (1) desc or (2) asc parameters.

4.3

CVE-2006-3821

Exploit
  • EPSS 0.62%
  • Published 25.07.2006 13:22:00
  • Last modified 03.04.2025 01:03:51

Multiple cross-site scripting (XSS) vulnerabilities in ATutor 1.5.3 allow remote attackers to inject arbitrary web script or HTML via the (1) lang parameter in (a) index_list.php and (2) year, (3) month, and (4) day parameter in (b) registration.php.

7.5

CVE-2006-3662

Exploit
  • EPSS 0.83%
  • Published 18.07.2006 15:47:00
  • Last modified 03.04.2025 01:03:51

SQL injection vulnerability in index.php in ATutor 1.5.3 allows remote attackers to execute arbitrary SQL commands via the fid parameter. NOTE: this issue has been disputed by the vendor, who states "The mentioned SQL injection vulnerability is not p...

2.6

CVE-2006-3484

Exploit
  • EPSS 1.15%
  • Published 10.07.2006 20:05:00
  • Last modified 03.04.2025 01:03:51

Multiple cross-site scripting (XSS) vulnerabilities in ATutor before 1.5.3 allow remote attackers to inject arbitrary web script or HTML via the (1) show_courses or (2) current_cat parameters to (a) admin/create_course.php, show_courses parameter to ...

7.5

CVE-2005-4155

Exploit
  • EPSS 3.17%
  • Published 11.12.2005 02:03:00
  • Last modified 03.04.2025 01:03:51

registration.PHP in ATutor 1.5.1 pl2 allows remote attackers to execute arbitrary SQL commands via an e-mail address that ends in a NULL character, which bypasses the PHP regular expression check. NOTE: it is possible that this is actually a bug in P...

4.3

CVE-2005-3403

Exploit
  • EPSS 1.28%
  • Published 01.11.2005 12:47:00
  • Last modified 03.04.2025 01:03:51

Multiple cross-site scripting (XSS) vulnerabilities in ATutor 1.4.1 through 1.5.1-pl1 allow remote attackers to inject arbitrary web script or HTML via (1) the _base_href parameter in translate.php, (2) the _base_path parameter in news.inc.php, and (...

7.5

CVE-2005-3404

Exploit
  • EPSS 9.52%
  • Published 01.11.2005 12:47:00
  • Last modified 03.04.2025 01:03:51

Multiple PHP file inclusion vulnerabilities in ATutor 1.4.1 through 1.5.1-pl1 allow remote attackers to include arbitrary files via the section parameter followed by a null byte (%00) in (1) body_header.inc.php and (2) print.php.

7.5

CVE-2005-2954

Exploit
  • EPSS 1.24%
  • Published 16.09.2005 22:03:00
  • Last modified 03.04.2025 01:03:51

SQL injection vulnerability in password_reminder.php in ATutor before 1.5.1 pl1 allows remote attackers to execute arbitrary SQL commands via the email field.