Filtered by vendor Atutor
Subscriptions
Filtered by product Atutor
Subscriptions
Total
28 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2017-1000002 | 1 Atutor | 1 Atutor | 2024-11-21 | N/A |
| ATutor versions 2.2.1 and earlier are vulnerable to a directory traversal and file extension check bypass in the Course component resulting in code execution. ATutor versions 2.2.1 and earlier are vulnerable to a directory traversal vulnerability in the Course Icon component resulting in information disclosure. | ||||
| CVE-2016-2555 | 1 Atutor | 1 Atutor | 2024-11-21 | N/A |
| SQL injection vulnerability in include/lib/mysql_connect.inc.php in ATutor 2.2.1 allows remote attackers to execute arbitrary SQL commands via the searchFriends function to friends.inc.php. | ||||
| CVE-2016-2539 | 1 Atutor | 1 Atutor | 2024-11-21 | N/A |
| Cross-site request forgery (CSRF) vulnerability in install_modules.php in ATutor before 2.2.2 allows remote attackers to hijack the authentication of users for requests that upload arbitrary files and execute arbitrary PHP code via vectors involving a crafted zip file. | ||||
| CVE-2016-10400 | 1 Atutor | 1 Atutor | 2024-11-21 | N/A |
| Directory Traversal exists in ATutor before 2.2.2 via the icon parameter to /mods/_core/courses/users/create_course.php. The attacker can read an arbitrary file by visiting get_course_icon.php?id= after the traversal attack. | ||||
| CVE-2015-7711 | 1 Atutor | 1 Atutor | 2024-11-21 | N/A |
| Cross-site scripting (XSS) vulnerability in popuphelp.php in ATutor 2.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the h parameter. | ||||
| CVE-2015-6521 | 1 Atutor | 1 Atutor | 2024-11-21 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in ATutor LMS version 2.2. | ||||
| CVE-2015-1583 | 1 Atutor | 1 Atutor | 2024-11-21 | 8.8 High |
| Multiple cross-site request forgery (CSRF) vulnerabilities in ATutor 2.2 allow remote attackers to hijack the authentication of administrators for requests that (1) create an administrator account via a request to mods/_core/users/admins/create.php or (2) create a user account via a request to mods/_core/users/create_user.php. | ||||
| CVE-2014-9753 | 1 Atutor | 1 Atutor | 2024-11-21 | 9.8 Critical |
| confirm.php in ATutor 2.2 and earlier allows remote attackers to bypass authentication and gain access as an existing user via the auto_login parameter. | ||||