CVE-2014-9753

CVE-2014-9753 affects ATutor 2.2 and earlier. The vulnerability arises in confirm.php via the auto_login parameter, allowing remote attackers to bypass authentication and gain an existing user session by loading or forging session data (session variable handling). The provided code excerpt shows ...

ATutor 2.2 Session Variable Overloading Vulnerability

ATutor versions 2.2 and below suffer from a session variable overloading vulnerability. ---------------------------------------------------------------------- ATutor = 2.2 confirm.php Session Variable Overloading Vulnerability ----------------------------------------------------------------------...