2 matches found
CVE-2019-16114
In ATutor 2.2.4, an unauthenticated attacker can change the application settings and force it to use his crafted database, which allows him to gain access to the application. Next, he can change the directory that the application uploads files to, which allows him to achieve remote code execution...
CVE-2019-16114
ATutor 2.2.4 is affected by CVE-2019-16114. An unauthenticated attacker can first modify application settings to force the use of a crafted database, enabling access to the application. The attacker can then alter the upload directory, enabling remote code execution. The root cause is that instal...