532 matches found
ATutor 2.2.4 - id SQL Injection
ATutor 2.2.4 - id SQL Injection Exploit Title: ATutor 2.2.4 - 'id' SQL Injection Date: 2020-02-23 Exploit Author: Andrey Stoykov Vendor Homepage: https://atutor.github.io/ Software Link: https://sourceforge.net/projects/atutor/files/latest/download Version: ATutor 2.2.4 Tested on: LAMP on Ubuntu...
ATutor 2.2.4 - 'id' SQL Injection
Exploit Title: ATutor 2.2.4 - 'id' SQL Injection Date: 2020-02-23 Exploit Author: Andrey Stoykov Vendor Homepage: https://atutor.github.io/ Software Link: https://sourceforge.net/projects/atutor/files/latest/download Version: ATutor 2.2.4 Tested on: LAMP on Ubuntu 18.04 Steps to Reproduce: 1 Logi...
ATutor 2.2.4 SQL Injection
Exploit Title: ATutor 2.2.4 - 'id' SQL Injection Date: 2020-02-23 Exploit Author: Andrey Stoykov Vendor Homepage: https://atutor.github.io/ Software Link: https://sourceforge.net/projects/atutor/files/latest/download Version: ATutor 2.2.4 Tested on: LAMP on Ubuntu 18.04 Steps to Reproduce: 1 Logi...
CVE-2014-9753
confirm.php in ATutor 2.2 and earlier allows remote attackers to bypass authentication and gain access as an existing user via the autologin parameter...
Authentication flaw
confirm.php in ATutor 2.2 and earlier allows remote attackers to bypass authentication and gain access as an existing user via the autologin parameter...
CVE-2014-9753
CVE-2014-9753 affects ATutor 2.2 and earlier. The vulnerability arises in confirm.php via the auto_login parameter, allowing remote attackers to bypass authentication and gain an existing user session by loading or forging session data (session variable handling). The provided code excerpt shows ...
CVE-2014-9753
confirm.php in ATutor 2.2 and earlier allows remote attackers to bypass authentication and gain access as an existing user via the autologin parameter...
CVE-2019-16114
In ATutor 2.2.4, an unauthenticated attacker can change the application settings and force it to use his crafted database, which allows him to gain access to the application. Next, he can change the directory that the application uploads files to, which allows him to achieve remote code execution...
CVE-2019-16114
In ATutor 2.2.4, an unauthenticated attacker can change the application settings and force it to use his crafted database, which allows him to gain access to the application. Next, he can change the directory that the application uploads files to, which allows him to achieve remote code execution...
Remote code execution
In ATutor 2.2.4, an unauthenticated attacker can change the application settings and force it to use his crafted database, which allows him to gain access to the application. Next, he can change the directory that the application uploads files to, which allows him to achieve remote code execution...
CVE-2019-16114
In ATutor 2.2.4, an unauthenticated attacker can change the application settings and force it to use his crafted database, which allows him to gain access to the application. Next, he can change the directory that the application uploads files to, which allows him to achieve remote code execution...
CVE-2019-16114
ATutor 2.2.4 is affected by CVE-2019-16114. An unauthenticated attacker can first modify application settings to force the use of a crafted database, enabling access to the application. The attacker can then alter the upload directory, enabling remote code execution. The root cause is that instal...
ATutor Arbitrary Arbitrary File Upload Vulnerability
ATutor is a set of open source Web-based Learning Content Management System LCMS by the ATutor team. The system includes teaching content management, forums, chat rooms and other modules. A security vulnerability exists in ATutor version 2.2.4. An attacker can exploit the vulnerability to execute...
ATutor 2.2.4 Arbitrary File Upload / Command Execution Exploit
Exploit for php platform in category web applications !/usr/bin/env python Exploit Title: ATutor 2.2.4 'languageimport' Arbitrary File Upload / RCE CVE-2019-12169 Date: 5/24/19 Exploit Author: liquidsky JMcPeters Vendor Homepage: https://atutor.github.io/ Software Link:...
ATutor 2.2.4 Arbitrary File Upload / Command Execution
!/usr/bin/env python Exploit Title: ATutor 2.2.4 'languageimport' Arbitrary File Upload / RCE CVE-2019-12169 Date: 5/24/19 Exploit Author: liquidsky JMcPeters Vendor Homepage: https://atutor.github.io/ Software Link: https://sourceforge.net/projects/atutor/files/latest/download Version: 2.2.4...
Directory traversal
ATutor 2.2.4 allows Arbitrary File Upload and Directory Traversal, resulting in remote code execution via a ".." pathname in a ZIP archive to the mods/core/languages/languageimport.php aka Import New Language or mods/standard/patcher/indexadmin.php aka Patcher component...
CVE-2019-12169
ATutor 2.2.4 allows Arbitrary File Upload and Directory Traversal, resulting in remote code execution via a ".." pathname in a ZIP archive to the mods/core/languages/languageimport.php aka Import New Language or mods/standard/patcher/indexadmin.php aka Patcher component...
CVE-2019-12169
ATutor 2.2.4 allows Arbitrary File Upload and Directory Traversal, resulting in remote code execution via a ".." pathname in a ZIP archive to the mods/core/languages/languageimport.php aka Import New Language or mods/standard/patcher/indexadmin.php aka Patcher component...
CVE-2019-12169
ATutor 2.2.4 allows Arbitrary File Upload and Directory Traversal, resulting in remote code execution via a ".." pathname in a ZIP archive to the mods/core/languages/languageimport.php aka Import New Language or mods/standard/patcher/indexadmin.php aka Patcher component...
CVE-2019-12169
CVE-2019-12169 affects ATutor 2.2.4 and enables remote code execution via an arbitrary file upload and directory traversal. The vulnerability is triggered by a malformed ZIP archive exploiting a ".." pathname to drop PHP payloads into either mods/_core/languages/language_import.php (Import New La...