Atutor

Atutor

29 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
6.1

CVE-2019-7172

Exploit
  • EPSS 0.24%
  • Veröffentlicht 29.01.2019 18:29:00
  • Zuletzt bearbeitet 21.11.2024 04:47:43

A stored-self XSS exists in ATutor through v2.2.4, allowing an attacker to execute HTML or JavaScript code in a vulnerable Real Name field to /mods/_core/users/admins/my_edit.php.

5.4

CVE-2015-6521

Exploit
  • EPSS 0.21%
  • Veröffentlicht 10.10.2017 16:29:00
  • Zuletzt bearbeitet 20.04.2025 01:37:25

Multiple cross-site scripting (XSS) vulnerabilities in ATutor LMS version 2.2.

5.4

CVE-2017-14981

Exploit
  • EPSS 0.21%
  • Veröffentlicht 03.10.2017 01:29:02
  • Zuletzt bearbeitet 20.04.2025 01:37:25

Cross-Site Scripting (XSS) was discovered in ATutor before 2.2.3. The vulnerability exists due to insufficient filtration of data (url in /mods/_standard/rss_feeds/edit_feed.php). An attacker could inject arbitrary HTML and script code into a browser...

6.1

CVE-2015-7711

Exploit
  • EPSS 0.75%
  • Veröffentlicht 31.08.2017 22:29:00
  • Zuletzt bearbeitet 20.04.2025 01:37:25

Cross-site scripting (XSS) vulnerability in popuphelp.php in ATutor 2.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the h parameter.

7.5

CVE-2016-10400

Exploit
  • EPSS 0.53%
  • Veröffentlicht 22.07.2017 17:29:00
  • Zuletzt bearbeitet 20.04.2025 01:37:25

Directory Traversal exists in ATutor before 2.2.2 via the icon parameter to /mods/_core/courses/users/create_course.php. The attacker can read an arbitrary file by visiting get_course_icon.php?id= after the traversal attack.

9.8

CVE-2017-1000004

  • EPSS 2.22%
  • Veröffentlicht 17.07.2017 13:18:16
  • Zuletzt bearbeitet 20.04.2025 01:37:25

ATutor version 2.2.1 and earlier are vulnerable to a SQL injection in the Assignment Dropbox, BasicLTI, Blog Post, Blog, Group Course Email, Course Alumni, Course Enrolment, Group Membership, Course unenrolment, Course Enrolment List Search, Glossary...

9.8

CVE-2017-1000003

  • EPSS 0.28%
  • Veröffentlicht 17.07.2017 13:18:16
  • Zuletzt bearbeitet 20.04.2025 01:37:25

ATutor versions 2.2.1 and earlier are vulnerable to an incorrect access control check vulnerability in the Social Application component resulting in privilege escalation. ATutor versions 2.2.1 and earlier are vulnerable to an incorrect access control...

9.8

CVE-2017-1000002

  • EPSS 60.22%
  • Veröffentlicht 17.07.2017 13:18:15
  • Zuletzt bearbeitet 20.04.2025 01:37:25

ATutor versions 2.2.1 and earlier are vulnerable to a directory traversal and file extension check bypass in the Course component resulting in code execution. ATutor versions 2.2.1 and earlier are vulnerable to a directory traversal vulnerability in ...

9.8

CVE-2016-2555

Exploit
  • EPSS 80.81%
  • Veröffentlicht 13.04.2017 14:59:01
  • Zuletzt bearbeitet 20.04.2025 01:37:25

SQL injection vulnerability in include/lib/mysql_connect.inc.php in ATutor 2.2.1 allows remote attackers to execute arbitrary SQL commands via the searchFriends function to friends.inc.php.

6.1

CVE-2017-6483

Exploit
  • EPSS 0.3%
  • Veröffentlicht 05.03.2017 20:59:00
  • Zuletzt bearbeitet 20.04.2025 01:37:25

Multiple Cross-Site Scripting (XSS) issues were discovered in ATutor 2.2.2. The vulnerabilities exist due to insufficient filtration of user-supplied data passed to several pages (lang_code in themes/*/admin/system_preferences/language_edit.tmpl.php)...