Lucene search
+L

532 matches found

exploitpack
exploitpack
added 2020/02/24 12:0 a.m.35 views

ATutor 2.2.4 - id SQL Injection

ATutor 2.2.4 - id SQL Injection Exploit Title: ATutor 2.2.4 - 'id' SQL Injection Date: 2020-02-23 Exploit Author: Andrey Stoykov Vendor Homepage: https://atutor.github.io/ Software Link: https://sourceforge.net/projects/atutor/files/latest/download Version: ATutor 2.2.4 Tested on: LAMP on Ubuntu...

0.1AI score
Exploits0
Exploit DB
Exploit DB
added 2020/02/24 12:0 a.m.111 views

ATutor 2.2.4 - 'id' SQL Injection

Exploit Title: ATutor 2.2.4 - 'id' SQL Injection Date: 2020-02-23 Exploit Author: Andrey Stoykov Vendor Homepage: https://atutor.github.io/ Software Link: https://sourceforge.net/projects/atutor/files/latest/download Version: ATutor 2.2.4 Tested on: LAMP on Ubuntu 18.04 Steps to Reproduce: 1 Logi...

7AI score
Exploits0
Packet Storm
Packet Storm
added 2020/02/23 12:0 a.m.111 views

ATutor 2.2.4 SQL Injection

Exploit Title: ATutor 2.2.4 - 'id' SQL Injection Date: 2020-02-23 Exploit Author: Andrey Stoykov Vendor Homepage: https://atutor.github.io/ Software Link: https://sourceforge.net/projects/atutor/files/latest/download Version: ATutor 2.2.4 Tested on: LAMP on Ubuntu 18.04 Steps to Reproduce: 1 Logi...

7.4AI score
Exploits0
NVD
NVD
added 2020/02/11 6:15 p.m.14 views

CVE-2014-9753

confirm.php in ATutor 2.2 and earlier allows remote attackers to bypass authentication and gain access as an existing user via the autologin parameter...

9.8CVSS9.7AI score0.02908EPSS
Exploits2References5
Prion
Prion
added 2020/02/11 6:15 p.m.21 views

Authentication flaw

confirm.php in ATutor 2.2 and earlier allows remote attackers to bypass authentication and gain access as an existing user via the autologin parameter...

7.5CVSS7.6AI score0.02908EPSS
Exploits2References5Affected Software1
CVE
CVE
added 2020/02/11 5:51 p.m.41 views

CVE-2014-9753

CVE-2014-9753 affects ATutor 2.2 and earlier. The vulnerability arises in confirm.php via the auto_login parameter, allowing remote attackers to bypass authentication and gain an existing user session by loading or forging session data (session variable handling). The provided code excerpt shows ...

9.8CVSS9.6AI score0.02908EPSS
Exploits2References5Affected Software1
Cvelist
Cvelist
added 2020/02/11 5:51 p.m.21 views

CVE-2014-9753

confirm.php in ATutor 2.2 and earlier allows remote attackers to bypass authentication and gain access as an existing user via the autologin parameter...

9.8AI score0.02908EPSS
Exploits2References5
NVD
NVD
added 2019/09/09 1:15 p.m.22 views

CVE-2019-16114

In ATutor 2.2.4, an unauthenticated attacker can change the application settings and force it to use his crafted database, which allows him to gain access to the application. Next, he can change the directory that the application uploads files to, which allows him to achieve remote code execution...

9.8CVSS10AI score0.04783EPSS
Exploits1References2
OSV
OSV
added 2019/09/09 1:15 p.m.16 views

CVE-2019-16114

In ATutor 2.2.4, an unauthenticated attacker can change the application settings and force it to use his crafted database, which allows him to gain access to the application. Next, he can change the directory that the application uploads files to, which allows him to achieve remote code execution...

9.8CVSS8AI score0.04783EPSS
Exploits1References2
Prion
Prion
added 2019/09/09 1:15 p.m.17 views

Remote code execution

In ATutor 2.2.4, an unauthenticated attacker can change the application settings and force it to use his crafted database, which allows him to gain access to the application. Next, he can change the directory that the application uploads files to, which allows him to achieve remote code execution...

7.5CVSS9.9AI score0.04783EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2019/09/09 12:15 p.m.25 views

CVE-2019-16114

In ATutor 2.2.4, an unauthenticated attacker can change the application settings and force it to use his crafted database, which allows him to gain access to the application. Next, he can change the directory that the application uploads files to, which allows him to achieve remote code execution...

10AI score0.04783EPSS
Exploits1References2
CVE
CVE
added 2019/09/09 12:15 p.m.44 views

CVE-2019-16114

ATutor 2.2.4 is affected by CVE-2019-16114. An unauthenticated attacker can first modify application settings to force the use of a crafted database, enabling access to the application. The attacker can then alter the upload directory, enabling remote code execution. The root cause is that instal...

9.8CVSS9.9AI score0.04783EPSS
Exploits1References2Affected Software1
CNVD
CNVD
added 2019/08/06 12:0 a.m.5 views

ATutor Arbitrary Arbitrary File Upload Vulnerability

ATutor is a set of open source Web-based Learning Content Management System LCMS by the ATutor team. The system includes teaching content management, forums, chat rooms and other modules. A security vulnerability exists in ATutor version 2.2.4. An attacker can exploit the vulnerability to execute...

8.8CVSS7AI score0.73317EPSS
Exploits11References1
0day.today
0day.today
added 2019/08/06 12:0 a.m.57 views

ATutor 2.2.4 Arbitrary File Upload / Command Execution Exploit

Exploit for php platform in category web applications !/usr/bin/env python Exploit Title: ATutor 2.2.4 'languageimport' Arbitrary File Upload / RCE CVE-2019-12169 Date: 5/24/19 Exploit Author: liquidsky JMcPeters Vendor Homepage: https://atutor.github.io/ Software Link:...

6.8CVSS8.6AI score0.73317EPSS
Exploits11
Packet Storm
Packet Storm
added 2019/08/05 12:0 a.m.156 views

ATutor 2.2.4 Arbitrary File Upload / Command Execution

!/usr/bin/env python Exploit Title: ATutor 2.2.4 'languageimport' Arbitrary File Upload / RCE CVE-2019-12169 Date: 5/24/19 Exploit Author: liquidsky JMcPeters Vendor Homepage: https://atutor.github.io/ Software Link: https://sourceforge.net/projects/atutor/files/latest/download Version: 2.2.4...

6.8CVSS0.2AI score0.73317EPSS
Exploits11
Prion
Prion
added 2019/06/03 8:29 p.m.20 views

Directory traversal

ATutor 2.2.4 allows Arbitrary File Upload and Directory Traversal, resulting in remote code execution via a ".." pathname in a ZIP archive to the mods/core/languages/languageimport.php aka Import New Language or mods/standard/patcher/indexadmin.php aka Patcher component...

6.8CVSS8.8AI score0.73317EPSS
Exploits11References5Affected Software1
NVD
NVD
added 2019/06/03 8:29 p.m.12 views

CVE-2019-12169

ATutor 2.2.4 allows Arbitrary File Upload and Directory Traversal, resulting in remote code execution via a ".." pathname in a ZIP archive to the mods/core/languages/languageimport.php aka Import New Language or mods/standard/patcher/indexadmin.php aka Patcher component...

8.8CVSS8.9AI score0.73317EPSS
Exploits11References5
OSV
OSV
added 2019/06/03 8:29 p.m.13 views

CVE-2019-12169

ATutor 2.2.4 allows Arbitrary File Upload and Directory Traversal, resulting in remote code execution via a ".." pathname in a ZIP archive to the mods/core/languages/languageimport.php aka Import New Language or mods/standard/patcher/indexadmin.php aka Patcher component...

8.8CVSS7.6AI score
Exploits0References5
Cvelist
Cvelist
added 2019/06/03 8:0 p.m.30 views

CVE-2019-12169

ATutor 2.2.4 allows Arbitrary File Upload and Directory Traversal, resulting in remote code execution via a ".." pathname in a ZIP archive to the mods/core/languages/languageimport.php aka Import New Language or mods/standard/patcher/indexadmin.php aka Patcher component...

8.9AI score0.73317EPSS
Exploits11References5
CVE
CVE
added 2019/06/03 8:0 p.m.160 views

CVE-2019-12169

CVE-2019-12169 affects ATutor 2.2.4 and enables remote code execution via an arbitrary file upload and directory traversal. The vulnerability is triggered by a malformed ZIP archive exploiting a ".." pathname to drop PHP payloads into either mods/_core/languages/language_import.php (Import New La...

8.8CVSS8.7AI score0.73317EPSS
Exploits11References5Affected Software1
Rows per page
Query Builder