5 matches found
Sql injection
SQL injection vulnerability in user/indexinlineeditorsubmit.php in ATutor AContent 1.2-1 allows remote authenticated users to execute arbitrary SQL commands via the field parameter. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-5167...
ATutor 1.2 - Multiple Vulnerabilities
ATutor 1.2 - Multiple Vulnerabilities Advisory ID: HTB23117 Product: AContent Vendor: ATutor Vulnerable Versions: 1.2 and probably prior Tested Version: 1.2 Vendor Notification: September 26, 2012 Public Disclosure: October 17, 2012 Vulnerability Type: SQL Injection CWE-89, Improper Authenticatio...
Multiple vulnerabilities in AContent
Advisory ID: HTB23117 Product: AContent Vendor: ATutor Vulnerable Versions: 1.2 and probably prior Tested Version: 1.2 Vendor Notification: September 26, 2012 Public Disclosure: October 17, 2012 Vulnerability Type: SQL Injection CWE-89, Improper Authentication CWE-287, Cross-Site Scripting CWE-79...
ATutor 1.2 - Multiple Vulnerabilities
Advisory ID: HTB23117 Product: AContent Vendor: ATutor Vulnerable Versions: 1.2 and probably prior Tested Version: 1.2 Vendor Notification: September 26, 2012 Public Disclosure: October 17, 2012 Vulnerability Type: SQL Injection CWE-89, Improper Authentication CWE-287, Cross-Site Scripting CWE-79...
ATutor AContent 1.2 XSS / Authentication / SQL Injection
Advisory ID: HTB23117 Product: AContent Vendor: ATutor Vulnerable Versions: 1.2 and probably prior Tested Version: 1.2 Vendor Notification: September 26, 2012 Public Disclosure: October 17, 2012 Vulnerability Type: SQL Injection CWE-89, Improper Authentication CWE-287, Cross-Site Scripting CWE-79...