ID CVE-2015-7712 Type cve Reporter NVD Modified 2015-11-17T10:20:18
Description
Multiple eval injection vulnerabilities in mods/_standard/gradebook/edit_marks.php in ATutor 2.2 and earlier allow remote authenticated users with the AT_PRIV_GRADEBOOK privilege to execute arbitrary PHP code via the (1) asc or (2) desc parameter.
{"viewCount": 0, "lastseen": "2016-09-03T23:18:32", "cvss": {"score": 6.5, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "type": "cve", "description": "Multiple eval injection vulnerabilities in mods/_standard/gradebook/edit_marks.php in ATutor 2.2 and earlier allow remote authenticated users with the AT_PRIV_GRADEBOOK privilege to execute arbitrary PHP code via the (1) asc or (2) desc parameter.", "assessment": {"name": "", "system": "", "href": ""}, "reporter": "NVD", "published": "2015-11-16T14:59:02", "history": [], "title": "CVE-2015-7712", "cpe": ["cpe:/a:atutor:atutor:2.2"], "bulletinFamily": "NVD", "edition": 1, "scanner": [], "id": "CVE-2015-7712", "cvelist": ["CVE-2015-7712"], "hash": "de8d0fb376147869437ef398a72ec21e3c0643981ae3aaa708a68786540e9c10", "modified": "2015-11-17T10:20:18", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-7712", "objectVersion": "1.2", "references": ["http://seclists.org/fulldisclosure/2015/Nov/13", "http://karmainsecurity.com/KIS-2015-08", "http://packetstormsecurity.com/files/134218/ATutor-2.2-PHP-Code-Injection.html", "http://www.securityfocus.com/archive/1/archive/1/536836/100/0/threaded"], "enchantments": {"vulnersScore": 6.8}}
