8 matches found
CVE-2020-37147
ATutor 2.2.4 contains a SQL injection vulnerability in the admin user deletion page that allows authenticated attackers to manipulate database queries through the 'id' parameter. Attackers can exploit the vulnerability by injecting malicious SQL code into the 'id' parameter of the admindelete.php...
EUVD-2017-1342
Malware in sbrugna...
EUVD-2021-30429
Malicious code in bioql PyPI...
CVE-2019-12169
ATutor 2.2.4 allows Arbitrary File Upload and Directory Traversal, resulting in remote code execution via a ".." pathname in a ZIP archive to the mods/core/languages/languageimport.php (aka Import New Language) or mods/standard/patcher/indexadmin.php (aka Patcher) component...
CVE-2005-2044
Multiple cross-site scripting (XSS) vulnerabilities in ATutor 1.4.3 and 1.5 RC 1 allow remote attackers to inject arbitrary web script or HTML via the (1) showcourse parameter to browse.php, (2) subject parameter to contact.php, (3) cid parameter to content.php, (4) l parameter to inbox/sendmessage.php, th...
Directory traversal
ATutor 2.2.4 allows Arbitrary File Upload and Directory Traversal, resulting in remote code execution via a ".." pathname in a ZIP archive to the mods/core/languages/languageimport.php (aka Import New Language) or mods/standard/patcher/indexadmin.php (aka Patcher) component...
PT-2006-6422 · Atutor · Atutor
Name of the Vulnerable Software and Affected Versions: ATutor version 1.5.3.2. Description: The issue allows remote attackers to execute arbitrary PHP code. This can be achieved via several parameters in different PHP files, including the section parameter in "documentation/common/frame toc.php" a...
ATutor 1.5.1pl2 SQL Injection / Command Execution Exploit
No description provided by source. ?php atutor151pl2xpl.php 5.12 08/11/2005 Atutor 1.5.1 pl2 possibly prior versions SQL injection / / remote commands execution by rgod site: http://rgod.altervista.org usage: launch from Apache, fill in requested fields, then go! make these changes in php.ini if...