4 matches found
CVE-2014-9752
Unrestricted file upload vulnerability in mods/core/properties/lib/course.inc.php in ATutor before 2.2 patch 6 allows remote authenticated users to execute arbitrary PHP code by uploading a file with a PHP extension as a customicon for a new course, then accessing it via a direct request to the...
CVE-2014-9752
CVE-2014-9752 : ATutor before 2.2 patch 6 suffers an unrestricted file upload via the customicon field in mods/_core/properties/lib/course.inc.php. A remote authenticated user can upload a PHP file to /content/ and access it directly to execute code, requiring at least an account with permission ...
ATutor 2.2 File Upload Vulnerability
ATutor versions 2.2 and below suffer from a remote unrestricted file upload vulnerability. ------------------------------------------------------------------------- ATutor = 2.2 Custom Course Icon Unrestricted File Upload Vulnerability...
ATutor 2.2 File Upload
------------------------------------------------------------------------- ATutor = 2.2 Custom Course Icon Unrestricted File Upload Vulnerability ------------------------------------------------------------------------- - Software Link: http://www.atutor.ca/ - Affected Versions: Version 2.2 and...