21 matches found

Positive Technologies
added 2026/02/06 12:0 a.m., 2 views

PT-2026-6821

Name of the Vulnerable Software and Affected Versions ATutor version 2.2.4 Description ATutor 2.2.4 has a SQL injection issue in the admin user deletion page. Authenticated attackers can manipulate database queries through the id parameter. Exploitation involves injecting malicious SQL code into...

7.1 CVSS, 5.7 AI score, 0.00012 EPSS
Exploits 0, References 5

RedhatCVE
added 2025/05/22 9:35 p.m., 5 views

CVE-2021-43498

An Access Control vulnerability exists in ATutor 2.2.4 in passwordreminder.php when the g, id, h, formpasswordhidden, and formchange HTTP POST parameters are set...

7.5 CVSS, 6.8 AI score, 0.00833 EPSS
Exploits 1

Packet Storm
added 2025/01/28 12:0 a.m., 337 views

ATutor 2.2.4 Host Header Injection

ATutor version 2.2.4 suffers from a host header injection vulnerability. Exploit Title: Host Header Injection - atutorv2.2.4 Date: 01/2025 Exploit Author: Andrey Stoykov Version: 2.2.4 Tested on: Ubuntu 22.04 Blog: https://msecureltd.blogspot.com/2025/01/friday-fun-pentest-series-18-host.html...

7.7 AI score
Exploits 0

Packet Storm
added 2025/01/28 12:0 a.m., 316 views

ATutor 2.2.4 Cross Site Scripting

ATutor version 2.2.4 suffers from a cross site scripting vulnerability. Exploit Title: Reflected XSS - atutorv2.2.4 Date: 01/2025 Exploit Author: Andrey Stoykov Version: 2.2.4 Tested on: Ubuntu 22.04 Blog: https://msecureltd.blogspot.com/2025/01/friday-fun-pentest-series-17-reflected.html...

6.6 AI score
Exploits 0

Prion
added 2022/04/08 7:15 p.m., 13 views

Improper access control

An Access Control vulnerability exists in ATutor 2.2.4 in passwordreminder.php when the g, id, h, formpasswordhidden, and formchange HTTP POST parameters are set...

5 CVSS, 7.5 AI score, 0.00833 EPSS
Exploits 1, References 2, Affected Software 1

Cvelist
added 2022/04/08 6:6 p.m., 18 views

CVE-2021-43498

An Access Control vulnerability exists in ATutor 2.2.4 in passwordreminder.php when the g, id, h, formpasswordhidden, and formchange HTTP POST parameters are set...

7.7 AI score, 0.00833 EPSS
Exploits 1, References 2

NVD
added 2021/08/17 10:15 p.m., 11 views

CVE-2020-23341

A reflected cross site scripting XSS vulnerability in the /header.tmpl.php component of ATutor 2.2.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload...

6.1 CVSS, 0.00207 EPSS
Exploits 1, References 1

OSV
added 2021/08/17 10:15 p.m., 14 views

CVE-2020-23341

A reflected cross site scripting XSS vulnerability in the /header.tmpl.php component of ATutor 2.2.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload...

6.1 CVSS, 5.7 AI score
Exploits 0, References 1

Prion
added 2021/08/17 10:15 p.m., 14 views

Cross site scripting

A reflected cross site scripting XSS vulnerability in the /header.tmpl.php component of ATutor 2.2.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload...

4.3 CVSS, 6 AI score, 0.00207 EPSS
Exploits 1, References 1, Affected Software 1

CVE
added 2021/08/17 9:45 p.m., 59 views

CVE-2020-23341

CVE-2020-23341 is a reflected XSS vulnerability in ATutor 2.2.4, specifically in the /header.tmpl.php component. The provided documents state that an attacker can craft input to cause the execution of arbitrary web scripts or HTML in the victim’s browser. The Red Hat, NVD, OSV, and other feeds co...

6.1 CVSS, 6 AI score, 0.00207 EPSS
Exploits 1, References 1, Affected Software 1

0day.today
added 2020/06/30 12:0 a.m., 161 views

ATutor 2.2.4 Directory Traversal / Remote Code Execution Exploit

This Metasploit module exploits an arbitrary file upload vulnerability together with a directory traversal flaw in ATutor versions 2.2.4, 2.2.2 and 2.2.1 in order to execute arbitrary commands. This module requires Metasploit: https://metasploit.com/download Current source:...

8.8 CVSS, 9 AI score, 0.7541 EPSS
Exploits 11

Metasploit
added 2020/06/12 8:2 p.m., 33 views

ATutor 2.2.4 - Directory Traversal / Remote Code Execution

This module exploits an arbitrary file upload vulnerability together with a directory traversal flaw in ATutor versions 2.2.4, 2.2.2 and 2.2.1 in order to execute arbitrary commands. It first creates a zip archive containing a malicious PHP file. The zip archive takes advantage of a directory...

8.8 CVSS, 8.3 AI score, 0.7541 EPSS
Exploits 11

Exploit DB
added 2020/02/24 12:0 a.m., 106 views

ATutor 2.2.4 - 'id' SQL Injection

Exploit Title: ATutor 2.2.4 - 'id' SQL Injection Date: 2020-02-23 Exploit Author: Andrey Stoykov Vendor Homepage: https://atutor.github.io/ Software Link: https://sourceforge.net/projects/atutor/files/latest/download Version: ATutor 2.2.4 Tested on: LAMP on Ubuntu 18.04 Steps to Reproduce: 1 Logi...

7 AI score
Exploits 0

exploitpack
added 2020/02/24 12:0 a.m., 33 views

ATutor 2.2.4 - id SQL Injection

ATutor 2.2.4 - id SQL Injection Exploit Title: ATutor 2.2.4 - 'id' SQL Injection Date: 2020-02-23 Exploit Author: Andrey Stoykov Vendor Homepage: https://atutor.github.io/ Software Link: https://sourceforge.net/projects/atutor/files/latest/download Version: ATutor 2.2.4 Tested on: LAMP on Ubuntu...

0.1 AI score
Exploits 0

Packet Storm
added 2020/02/23 12:0 a.m., 107 views

ATutor 2.2.4 SQL Injection

Exploit Title: ATutor 2.2.4 - 'id' SQL Injection Date: 2020-02-23 Exploit Author: Andrey Stoykov Vendor Homepage: https://atutor.github.io/ Software Link: https://sourceforge.net/projects/atutor/files/latest/download Version: ATutor 2.2.4 Tested on: LAMP on Ubuntu 18.04 Steps to Reproduce: 1 Logi...

7.4 AI score
Exploits 0

OSV
added 2019/09/09 1:15 p.m., 9 views

CVE-2019-16114

In ATutor 2.2.4, an unauthenticated attacker can change the application settings and force it to use his crafted database, which allows him to gain access to the application. Next, he can change the directory that the application uploads files to, which allows him to achieve remote code execution...

9.8 CVSS, 8 AI score, 0.18282 EPSS
Exploits 1, References 2

NVD
added 2019/09/09 1:15 p.m., 12 views

CVE-2019-16114

In ATutor 2.2.4, an unauthenticated attacker can change the application settings and force it to use his crafted database, which allows him to gain access to the application. Next, he can change the directory that the application uploads files to, which allows him to achieve remote code execution...

9.8 CVSS, 10 AI score, 0.18282 EPSS
Exploits 1, References 2

Prion
added 2019/09/09 1:15 p.m., 12 views

Remote code execution

In ATutor 2.2.4, an unauthenticated attacker can change the application settings and force it to use his crafted database, which allows him to gain access to the application. Next, he can change the directory that the application uploads files to, which allows him to achieve remote code execution...

7.5 CVSS, 9.9 AI score, 0.18282 EPSS
Exploits 1, References 2, Affected Software 1

Cvelist
added 2019/09/09 12:15 p.m., 16 views

CVE-2019-16114

In ATutor 2.2.4, an unauthenticated attacker can change the application settings and force it to use his crafted database, which allows him to gain access to the application. Next, he can change the directory that the application uploads files to, which allows him to achieve remote code execution...

10 AI score, 0.18282 EPSS
Exploits 1, References 2

GithubExploit
added 2019/05/24 5:15 a.m., 62 views

Exploit for Path Traversal in Atutor

ATutor 2.2.4 Arbitrary File Upload / RCE CVE-2019-12169 - E...

9 CVSS, 8.9 AI score, 0.7541 EPSS
Exploits 12