CVE-2005-2955
ATutor 1.5.1 (and possibly earlier) is affected by CVE-2005-2955 due to an incomplete blacklist in config.inc.php that fails to block dangerous file extensions during upload, allowing authenticated administrators/educators to execute arbitrary code by uploading files with extensions like .inc or ...