3 matches found
CVE-2006-3662
SQL injection vulnerability in index.php in ATutor 1.5.3 allows remote attackers to execute arbitrary SQL commands via the fid parameter. NOTE: this issue has been disputed by the vendor, who states "The mentioned SQL injection vulnerability is not possible." However, the relevant source code...
CVE-2006-3662
ATutor 1.5.3 contains a SQL injection in index.php via the fid parameter that could allow remote execution of arbitrary SQL commands. The vendor disputes the vulnerability, but source code analysis suggests it may be legitimate; the parameter is cleansed in version 1.5.3.1. Affected version: ATut...
CVE-2006-3662
SQL injection vulnerability in index.php in ATutor 1.5.3 allows remote attackers to execute arbitrary SQL commands via the fid parameter. NOTE: this issue has been disputed by the vendor, who states "The mentioned SQL injection vulnerability is not possible." However, the relevant source code...