11 matches found
CVE-2016-2555
SQL injection vulnerability in include/lib/mysqlconnect.inc.php in ATutor 2.2.1 allows remote attackers to execute arbitrary SQL commands via the searchFriends function to friends.inc.php...
CVE-2016-2555
SQL injection vulnerability in include/lib/mysqlconnect.inc.php in ATutor 2.2.1 allows remote attackers to execute arbitrary SQL commands via the searchFriends function to friends.inc.php...
CVE-2016-2555
SQL injection vulnerability in include/lib/mysqlconnect.inc.php in ATutor 2.2.1 allows remote attackers to execute arbitrary SQL commands via the searchFriends function to friends.inc.php...
CVE-2016-2555
ATutor 2.2.1 contains a SQL Injection vulnerability in include/lib/mysql_connect.inc.php. The flaw allows remote attackers to execute arbitrary SQL commands through the searchFriends function in friends.inc.php, as detailed in exploit paths (e.g., Exploit-DB entry 39514) and related Metasploit mo...
ATutor 2.2.1远程代码执行漏洞
No description provided by source...
ATutor 2.2.1 Directory Traversal / Remote Code Execution
This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class MetasploitModule 'ATutor 2.2.1 Directory Traversal / Remote Code Execution', 'Description' = %q This module exploits a directory traversal...
SRC-2016-0020 : ATutor LMS view_transcript File Disclosure Remote Code Execution Vulnerability
Vulnerability Details: This vulnerability may allow remote attackers to execute arbitrary code on vulnerable installations of ATutor. Authentication is required to exploit this vulnerability however authentication bypass vulnerabilities are known and remote registration is open by default. The...
SRC-2016-0015 : ATutor LMS write_temp_file File Write Remote Code Execution Vulnerability
Vulnerability Details: This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of ATutor. Authentication is required to exploit this vulnerability however authentication bypass vulnerabilities are known and remote registration is open by default. The...
SRC-2016-0019 : ATutor LMS get_course_icon File Disclosure Remote Code Execution Vulnerability
Vulnerability Details: This vulnerability may allow remote attackers to execute arbitrary code on vulnerable installations of ATutor. Authentication is required to exploit this vulnerability however authentication bypass vulnerabilities are known and remote registration is open by default. The...
ATutor 2.2.1 - SQL Injection / Remote Code Execution (Metasploit)
This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit3 'ATutor 2.2.1 SQL Injection / Remote Code Execution', 'Description' = %q This module exploits a SQL Injection vulnerability and an...
SRC-2016-0006 : ATutor LMS updateAdditionalInformation SQL Injection Remote Code Execution Vulnerability
Vulnerability Details: This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of ATutor. Authentication is required to exploit this vulnerability however authentication bypass vulnerabilities are known and remote registration is open by default. The...