Lucene search
+L

532 matches found

Positive Technologies
Positive Technologies
added 2019/06/03 12:0 a.m.7 views

PT-2019-12675 · Atutor · Atutor

Name of the Vulnerable Software and Affected Versions: ATutor version 2.2.4 Description: The issue allows for arbitrary file upload and directory traversal, resulting in remote code execution. This can be achieved by including a ".." pathname in a ZIP archive uploaded to specific components, such...

8.8CVSS9AI score0.73317EPSS
Exploits11References9
GithubExploit
GithubExploit
added 2019/05/24 5:15 a.m.135 views

Exploit for Path Traversal in Atutor

ATutor 2.2.4 Arbitrary File Upload / RCE CVE-2019-12169 - E...

9CVSS8.9AI score0.73317EPSS
Exploits12
Prion
Prion
added 2019/05/17 10:29 p.m.21 views

Design/Logic Flaw

ATutor through 2.2.4 is vulnerable to arbitrary file uploads via the mods/core/backups/upload.php aka backup component. This may result in remote command execution. An attacker can use the instructor account to fully compromise the system using a crafted backup ZIP archive. This will allow for PH...

9CVSS9AI score0.08749EPSS
Exploits3References3Affected Software1
NVD
NVD
added 2019/05/17 10:29 p.m.26 views

CVE-2019-12170

ATutor through 2.2.4 is vulnerable to arbitrary file uploads via the mods/core/backups/upload.php aka backup component. This may result in remote command execution. An attacker can use the instructor account to fully compromise the system using a crafted backup ZIP archive. This will allow for PH...

9CVSS8.9AI score0.08749EPSS
Exploits3References3
OSV
OSV
added 2019/05/17 10:29 p.m.14 views

CVE-2019-12170

ATutor through 2.2.4 is vulnerable to arbitrary file uploads via the mods/core/backups/upload.php aka backup component. This may result in remote command execution. An attacker can use the instructor account to fully compromise the system using a crafted backup ZIP archive. This will allow for PH...

8.8CVSS7.7AI score
Exploits0References3
CVE
CVE
added 2019/05/17 9:52 p.m.50 views

CVE-2019-12170

ATutor 2.2.4 is vulnerable to arbitrary file uploads via the mods/_core/backups/upload.php backup component, enabling remote code execution when a crafted backup ZIP is uploaded by an attacker with instructor privileges. The issue allows PHP files to be written to the web root and executed on the...

9CVSS8.9AI score0.08749EPSS
Exploits3References3Affected Software1
Cvelist
Cvelist
added 2019/05/17 9:52 p.m.27 views

CVE-2019-12170

ATutor through 2.2.4 is vulnerable to arbitrary file uploads via the mods/core/backups/upload.php aka backup component. This may result in remote command execution. An attacker can use the instructor account to fully compromise the system using a crafted backup ZIP archive. This will allow for PH...

9AI score0.08749EPSS
Exploits3References3
Positive Technologies
Positive Technologies
added 2019/05/17 12:0 a.m.7 views

PT-2019-12676 · Atutor · Atutor

Name of the Vulnerable Software and Affected Versions: ATutor versions prior to 2.2.5 Description: The issue allows for arbitrary file uploads via the "mods/ core/backups/upload.php" component, potentially resulting in remote command execution. An attacker can use an instructor account to fully...

9CVSS9AI score0.08749EPSS
Exploits3References6
GithubExploit
GithubExploit
added 2019/05/13 6:1 a.m.93 views

Exploit for Unrestricted Upload of File with Dangerous Type in Atutor

ATutor-Instructor-Backup-Exploit - Exploit Title: ATutor 2.2...

9CVSS8.8AI score0.73317EPSS
Exploits12
NVD
NVD
added 2019/04/22 11:29 a.m.15 views

CVE-2019-11446

An issue was discovered in ATutor through 2.2.4. It allows the user to run commands on the server with the teacher user privilege. The Upload Files section in the File Manager field contains an arbitrary file upload vulnerability via upload.php. The $IllegalExtensions value only lists lowercase a...

8.8CVSS8.8AI score0.07948EPSS
Exploits1References2
OSV
OSV
added 2019/04/22 11:29 a.m.15 views

CVE-2019-11446

An issue was discovered in ATutor through 2.2.4. It allows the user to run commands on the server with the teacher user privilege. The Upload Files section in the File Manager field contains an arbitrary file upload vulnerability via upload.php. The $IllegalExtensions value only lists lowercase a...

8.8CVSS7.2AI score
Exploits0References2
Prion
Prion
added 2019/04/22 11:29 a.m.24 views

Design/Logic Flaw

An issue was discovered in ATutor through 2.2.4. It allows the user to run commands on the server with the teacher user privilege. The Upload Files section in the File Manager field contains an arbitrary file upload vulnerability via upload.php. The $IllegalExtensions value only lists lowercase a...

6.5CVSS8.7AI score0.07948EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2019/04/22 4:1 a.m.19 views

CVE-2019-11446

An issue was discovered in ATutor through 2.2.4. It allows the user to run commands on the server with the teacher user privilege. The Upload Files section in the File Manager field contains an arbitrary file upload vulnerability via upload.php. The $IllegalExtensions value only lists lowercase a...

8.8AI score0.07948EPSS
Exploits1References2
CVE
CVE
added 2019/04/22 4:1 a.m.51 views

CVE-2019-11446

CVE-2019-11446 affects ATutor up to version 2.2.4. It enables an arbitrary file upload via the File Manager’s upload.php, allowing a user with teacher privileges to run commands on the server. The root cause is an upload filter: the $IllegalExtensions list only includes lowercase extensions and o...

8.8CVSS8.8AI score0.07948EPSS
Exploits1References2Affected Software1
exploitpack
exploitpack
added 2019/04/12 12:0 a.m.21 views

ATutor 2.2.4 - file_manager Remote Code Execution (Metasploit)

ATutor 2.2.4 - filemanager Remote Code Execution Metasploit This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule "ATutor %q This module allows the user to run commands on the server with teacher user...

Exploits0
Packet Storm
Packet Storm
added 2019/04/12 12:0 a.m.164 views

ATutor file_manager Remote Code Execution

This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule "ATutor %q This module allows the user to run commands on the server with teacher user privilege. The 'Upload files' section in the 'File Manager'...

0.1AI score
Exploits0
0day.today
0day.today
added 2019/04/12 12:0 a.m.332 views

ATutor 2.2.4 - file_manager Remote Code Execution Exploit #RCE

Exploit for php platform in category web applications This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule "ATutor %q This module allows the user to run commands on the server with teacher user...

7.1AI score
Exploits0
Exploit DB
Exploit DB
added 2019/04/12 12:0 a.m.60 views

ATutor < 2.2.4 - 'file_manager' Remote Code Execution (Metasploit)

This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule "ATutor %q This module allows the user to run commands on the server with teacher user privilege. The 'Upload files' section in the 'File Manager'...

7.4AI score
Exploits0
OpenVAS
OpenVAS
added 2019/02/05 12:0 a.m.73 views

ATutor Detection

Detection of ATutor. The script sends a connection request to the server and attempts to detect ATutor. SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier:...

7.2AI score
Exploits0References1
CNVD
CNVD
added 2019/01/30 12:0 a.m.6 views

ATutor cross-site scripting vulnerability (CNVD-2019-03592)

ATutor is an open source Web-based learning content management system LCMS developed by the ATutor team. The system includes teaching content management, forums, chat rooms and other modules. A cross-site scripting vulnerability exists in Atutor 2.2.4 and earlier versions. A remote attacker can...

6.1CVSS6.4AI score0.00865EPSS
Exploits1References1
Rows per page
Query Builder