532 matches found
PT-2019-12675 · Atutor · Atutor
Name of the Vulnerable Software and Affected Versions: ATutor version 2.2.4 Description: The issue allows for arbitrary file upload and directory traversal, resulting in remote code execution. This can be achieved by including a ".." pathname in a ZIP archive uploaded to specific components, such...
Exploit for Path Traversal in Atutor
ATutor 2.2.4 Arbitrary File Upload / RCE CVE-2019-12169 - E...
Design/Logic Flaw
ATutor through 2.2.4 is vulnerable to arbitrary file uploads via the mods/core/backups/upload.php aka backup component. This may result in remote command execution. An attacker can use the instructor account to fully compromise the system using a crafted backup ZIP archive. This will allow for PH...
CVE-2019-12170
ATutor through 2.2.4 is vulnerable to arbitrary file uploads via the mods/core/backups/upload.php aka backup component. This may result in remote command execution. An attacker can use the instructor account to fully compromise the system using a crafted backup ZIP archive. This will allow for PH...
CVE-2019-12170
ATutor through 2.2.4 is vulnerable to arbitrary file uploads via the mods/core/backups/upload.php aka backup component. This may result in remote command execution. An attacker can use the instructor account to fully compromise the system using a crafted backup ZIP archive. This will allow for PH...
CVE-2019-12170
ATutor 2.2.4 is vulnerable to arbitrary file uploads via the mods/_core/backups/upload.php backup component, enabling remote code execution when a crafted backup ZIP is uploaded by an attacker with instructor privileges. The issue allows PHP files to be written to the web root and executed on the...
CVE-2019-12170
ATutor through 2.2.4 is vulnerable to arbitrary file uploads via the mods/core/backups/upload.php aka backup component. This may result in remote command execution. An attacker can use the instructor account to fully compromise the system using a crafted backup ZIP archive. This will allow for PH...
PT-2019-12676 · Atutor · Atutor
Name of the Vulnerable Software and Affected Versions: ATutor versions prior to 2.2.5 Description: The issue allows for arbitrary file uploads via the "mods/ core/backups/upload.php" component, potentially resulting in remote command execution. An attacker can use an instructor account to fully...
Exploit for Unrestricted Upload of File with Dangerous Type in Atutor
ATutor-Instructor-Backup-Exploit - Exploit Title: ATutor 2.2...
CVE-2019-11446
An issue was discovered in ATutor through 2.2.4. It allows the user to run commands on the server with the teacher user privilege. The Upload Files section in the File Manager field contains an arbitrary file upload vulnerability via upload.php. The $IllegalExtensions value only lists lowercase a...
CVE-2019-11446
An issue was discovered in ATutor through 2.2.4. It allows the user to run commands on the server with the teacher user privilege. The Upload Files section in the File Manager field contains an arbitrary file upload vulnerability via upload.php. The $IllegalExtensions value only lists lowercase a...
Design/Logic Flaw
An issue was discovered in ATutor through 2.2.4. It allows the user to run commands on the server with the teacher user privilege. The Upload Files section in the File Manager field contains an arbitrary file upload vulnerability via upload.php. The $IllegalExtensions value only lists lowercase a...
CVE-2019-11446
An issue was discovered in ATutor through 2.2.4. It allows the user to run commands on the server with the teacher user privilege. The Upload Files section in the File Manager field contains an arbitrary file upload vulnerability via upload.php. The $IllegalExtensions value only lists lowercase a...
CVE-2019-11446
CVE-2019-11446 affects ATutor up to version 2.2.4. It enables an arbitrary file upload via the File Manager’s upload.php, allowing a user with teacher privileges to run commands on the server. The root cause is an upload filter: the $IllegalExtensions list only includes lowercase extensions and o...
ATutor 2.2.4 - file_manager Remote Code Execution (Metasploit)
ATutor 2.2.4 - filemanager Remote Code Execution Metasploit This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule "ATutor %q This module allows the user to run commands on the server with teacher user...
ATutor file_manager Remote Code Execution
This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule "ATutor %q This module allows the user to run commands on the server with teacher user privilege. The 'Upload files' section in the 'File Manager'...
ATutor 2.2.4 - file_manager Remote Code Execution Exploit #RCE
Exploit for php platform in category web applications This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule "ATutor %q This module allows the user to run commands on the server with teacher user...
ATutor < 2.2.4 - 'file_manager' Remote Code Execution (Metasploit)
This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule "ATutor %q This module allows the user to run commands on the server with teacher user privilege. The 'Upload files' section in the 'File Manager'...
ATutor Detection
Detection of ATutor. The script sends a connection request to the server and attempts to detect ATutor. SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier:...
ATutor cross-site scripting vulnerability (CNVD-2019-03592)
ATutor is an open source Web-based learning content management system LCMS developed by the ATutor team. The system includes teaching content management, forums, chat rooms and other modules. A cross-site scripting vulnerability exists in Atutor 2.2.4 and earlier versions. A remote attacker can...